LastPass Password Service Hacked
Trailrunner7 writes "LastPass, a popular Web-based password management firm, advised its customers to change the password they use to access the service following what the company said are signs that its network may have been compromised."
Either you have an excellent memory or you're reusing the same password on multiple sites. If you're a mere mortal, like me, and you don't want to reuse a few passwords over and over again, you need a password manager.
Eagles may soar, but weasels don't get sucked into jet engines.
What's a "secured dropbox account?" Didn't we find out last week that Dropbox has the encryption keys to your stuff and will hand it over to pretty much anyone who asks nicely?
Eloi are stupid, throw morlocks at them!
In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it's big enough to have transferred people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users' encrypted data blobs.
Gotta be honest here: Even if this WASN'T anything, if I had trusted my passwords for everything to some other party like this, I'd very well want them to be more than a bit paranoid in protecting it. So I say, kudos.
Demanding constant attention will only lead to attention.