[ISN] LastPass alerts users about potential master password breach

From: InfoSec News <alerts_at_private>
Date: Fri, 6 May 2011 02:06:19 -0500 (CDT)

By Jaikumar Vijayan
May 5, 2011 

LastPass, an online password management provider, is forcing its users 
to change their master passwords after detecting what it described as a 
"traffic anomaly" on one of its database servers.

In a blog post on Wednesday, LastPass said it first noticed a network 
traffic irregularity on Tuesday morning when looking at the logs for one 
of its non-critical systems. It decided to dig deeper into the problem 
after it was unable to find a root cause for the problem.

"After delving into the anomaly we found a similar but smaller matching 
traffic anomaly from one of our databases in the opposite direction 
(more traffic was sent from the database compared to what was received 
on the server)," the blog post noted.

Because LastPass has been unable to account for this anomaly, it has 
decided to assume that the database has been compromised. The amount of 
data that was transferred out of its system is big enough to have 
contained people's email addresses, their salted password hashes and the 
server salt, LastPass said.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Fri May 06 2011 - 00:06:19 PDT

This archive was generated by hypermail 2.2.0 : Fri May 06 2011 - 00:13:15 PDT