Major password manager fears possible database intrusion

Users of password manager LastPass may experience login issues today, as a flood of password changes clogs the company's servers. Yesterday, the company noticed some strange activity in its databases. Assuming the worst, it has required all LastPass users to change their master passwords, which are used to verify identify and grant access to each customer's own encrypted information. LastPass offers its each user the ability to store all of their most precious login information in a securely encrypted file on his or her computer. 

In a blog post, the company notes that it is likely overreacting, but it insists on taking no chances. "Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed," the company says. The data it fears was accessed applies to customers who have master passwords based on dictionary words, which hackers can sometimes determine based on trial and error in a bare bones hacking strategy called a "brute-force attack."

This potential breach, while somewhat troubling, is likely nothing to worry about for the vast majority of LastPass users, and anyone who may be vulnerable can remedy that with the mandatory master password change. So while PlayStation Network users are checking their credit cards for fraudulent activity and registering with identify theft prevention agencies, the LastPass service's woes are more of a precaution than anything else. Of course, having a secure password is the first precaution against an account breach, so be sure to check out our guide to beefing up your passwords.

[Image Credit: mya!]

(Source)

Leave a comment