LastPass hacked, password reset system bogged down by heavy traffic

Posted on

If you use LastPass to store all your passwords, you may want to change your master password. Users’ vaults containing their passwords for myriad accounts across the web are safe, but email addresses, password reminders and the code that could reveal master passwords may have been taken, according to a post from LastPass.

All users logging in from a new device or IP address will be asked verify their accounts via email unless they have multifactor authentication enabled. Those with multifactor authentication are likely safe from any breach into their password vault. LastPass will also require all users to change their password.

LastPass hacked, password reset system bogged down by heavy traffic
LastPass hacked, password reset system bogged down by heavy traffic

While the company asked users to wait to change passwords until asked, it appears the password reset system is currently overwhelmed.

This might not be the first time LastPass has been breached. In 2011, the site noticed an anomaly in data traffic that may have been the result of leaked passwords. Venture Beat also points out a Google security alert page posted to Imgur three weeks ago that may be related to the hack.

This should serve as a reminder that multifactor authentication should always be used. It’s available for most sites, including Facebook, Twitter and many banks and email accounts.

LastPass was also vulnerable because it provided storage for all passwords in the cloud. Some other password vault programs don’t store any password information on their servers, allowing users to sync data through other services and requiring hackers to access both the cloud-storage account and the master password for the vault. We’ve recommended 1Password before, but KeePass also provides a more secure (if less convenient) option.

Source:http://www.geekwire.com/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s