LastPass forces users to change master password after network traffic oddity

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
LastPass has issued a statement on its blog (see below) saying it had noticed an anomaly in network traffic for a few minutes to one of its non-critical machines - resulting in the unauthorised transmission of data.

Engineers at LastPass tried to identify the traffic source and failed, so they are forcing its million of users to change their master passwords as a precaution.

More details - link
 
  • Like
Reactions: Kent

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
I've just logged in to LastPass with my old password.....didn't see any notification that asks me to change the password.
The "Sony" breach manage to scare everyone ... now they are all taking "precaution" just to be sure. :lolz:
 

Tweak

New Member
Jan 8, 2011
274
I noticed an issue with connecting to their servers, even now once logged in it states they are "overloaded" and that I "should try again in a few hours". Makes me consider returning to my previous method before recently adding LastPass.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Tweak said:
I noticed an issue with connecting to their servers, even now once logged in it states they are "overloaded" and that I "should try again in a few hours". Makes me consider returning to my previous method before recently adding LastPass.
Yes..I've also had a problem while trying to connect to their servers...but now everything is ok :D
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
UPDATE 1: We're overloaded handling support and the sheer load of password changes is slowing us down. We've implemented a way for you to verify your email and then not be immediately forced to change your password for that IP, access from any other IP would bring you back to email verification. You can now wait a few days if you know you'll be on the same IP without loss of security, and due to this overloading we think that's prudent to wait.

We're asking if you're not being asked to change your password then hold off -- we're protecting everyone.

You can access your data via LastPass in offline mode (pull the cable out of the wall then login) or by downloading LastPass Pocket : https://lastpass.com/misc_download.php (choose your OS)
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Right now , I can't connect to LastPass servers.... They seem to be "down for good" ,I don't eve recieve that "error" thing:p
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
When I posted that, I couldn't connect either.

Luckily it has an offline mode. :p
 

Littlebits

Retired Staff
May 3, 2011
3,893
I have temporary disabled LastPass extension on Firefox until they fix the problems because it is slowing down Firefox.

Thanks.:D
 

Dejan

New Member
Mar 3, 2011
559
This happened to me, I was so paranoid I just started to shake, it even asked me for my old password. If it wasn't for WOT, SLL and the correct domain, I never would have dome this. All is well now sort of.
 

bogdan

Level 1
Jan 7, 2011
1,362
PCWorld obtained an exclusive interview from LastPass CEO that explains what happened and if we should be concerned: link.

Since they only store salted hashes of your password there is no way an attacker can get to your data using directly what might have been stollen. However, if your password is week (based on dictionary words) the attacker can try to brute-force it.

Their servers didn't experience difficulties because of an attack, but because many people rushed in to change their master password. The best thing to to is change your passwords for important sites. For example go to your banking site an change your password, go to google and change your password, etc. My LastPass plugin works in offline mode at the moment. If you experience difficulties with it, they recommand clearing your cache (Click the LastPass button -> Tools -> Clear Local Cache)
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
Littlebits said:
I have temporary disabled LastPass extension on Firefox until they fix the problems because it is slowing down Firefox.

Thanks.:D

I Hav done this as well :p
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top