LastPass forces users to change master password after network traffic oddity

[Jack]

LastPass has issued a statement on its blog (see below) saying it had noticed an anomaly in network traffic for a few minutes to one of its non-critical machines - resulting in the unauthorised transmission of data.

Engineers at LastPass tried to identify the traffic source and failed, so they are forcing its million of users to change their master passwords as a precaution.

More details - link

 

[Jack]

I've just logged in to LastPass with my old password.....didn't see any notification that asks me to change the password.
The "Sony" breach manage to scare everyone ... now they are all taking "precaution" just to be sure. :lolz:

 

[Tweak]

I noticed an issue with connecting to their servers, even now once logged in it states they are "overloaded" and that I "should try again in a few hours". Makes me consider returning to my previous method before recently adding LastPass.

 

[Jack]

I noticed an issue with connecting to their servers, even now once logged in it states they are "overloaded" and that I "should try again in a few hours". Makes me consider returning to my previous method before recently adding LastPass.

Yes..I've also had a problem while trying to connect to their servers...but now everything is ok

 

[Ink]

UPDATE 1: We're overloaded handling support and the sheer load of password changes is slowing us down. We've implemented a way for you to verify your email and then not be immediately forced to change your password for that IP, access from any other IP would bring you back to email verification. You can now wait a few days if you know you'll be on the same IP without loss of security, and due to this overloading we think that's prudent to wait.

We're asking if you're not being asked to change your password then hold off -- we're protecting everyone.

You can access your data via LastPass in offline mode (pull the cable out of the wall then login) or by downloading LastPass Pocket : https://lastpass.com/misc_download.php (choose your OS)

http://blog.lastpass.com/2011/05/lastpass-security-notification.html

 

[Jack]

Right now , I can't connect to LastPass servers.... They seem to be "down for good" ,I don't eve recieve that "error" thing

 

[Ink]

When I posted that, I couldn't connect either.

Luckily it has an offline mode.

 

[Littlebits]

I have temporary disabled LastPass extension on Firefox until they fix the problems because it is slowing down Firefox.

Thanks.

 

[Dejan]

This happened to me, I was so paranoid I just started to shake, it even asked me for my old password. If it wasn't for WOT, SLL and the correct domain, I never would have dome this. All is well now sort of.

 

[bogdan]

PCWorld obtained an exclusive interview from LastPass CEO that explains what happened and if we should be concerned: link.

Since they only store salted hashes of your password there is no way an attacker can get to your data using directly what might have been stollen. However, if your password is week (based on dictionary words) the attacker can try to brute-force it.

Their servers didn't experience difficulties because of an attack, but because many people rushed in to change their master password. The best thing to to is change your passwords for important sites. For example go to your banking site an change your password, go to google and change your password, etc. My LastPass plugin works in offline mode at the moment. If you experience difficulties with it, they recommand clearing your cache (Click the LastPass button -> Tools -> Clear Local Cache)

 

[McLovin]

I have temporary disabled LastPass extension on Firefox until they fix the problems because it is slowing down Firefox.

Thanks.

I Hav done this as well