back to article LastPass resets passwords following possible hack

Password management system LastPass has reset users' master passwords as a precaution following the discovery of a possible hack attack against its systems. The move follows the detection of two anomalies – one affecting a database server – on LastPass's network on Tuesday that could be the result of a possible hack attack. …


This topic is closed for new posts.
  1. Anonymous Coward

    Makes sense

    Just checked my account, same pword. Happy days.

  2. Anonymous Coward
    Black Helicopters


    I'm not being asked to reset either

    Hopefully there was no MITM being attempted instead...

  3. ttuk


    from what I can gather they are only asking people to reset if they see a login attempt from an ip address you haven't used recently

  4. peyton?
    Paris Hilton

    They allow simple passwords?

    Surely this company from the start new it would be a target for this kind of thing. Shouldn't the password guarding all your other passwords be required to be fairly strong?! My understanding of its point is to make password management easier - but requiring users to remember one strong password is not that big a deal.

    1. BristolBachelor Gold badge

      WTF Downvoters?

      With all people's eggs in one barsket, it's a bit obvious that this site would be a target.

      Why the downvotes for peyton's comments FFS!

      (Or is it because they suggested a Paris level of intellect and understanding on the part of the people who set-up and ran a system that allowed weak passwords and was so vulnerable to hacking that it was compromised twice independantly in a week?)

    2. ttuk

      it should..

      but its not critical...

      It's only really an issue if a hacker manages to get hold of the encyrpted data, as then they can sit and try and brute force it offline..

      However to download your encrypted data you need to enter the right password to their server (which is sent over as a hash, they don't have it).. but you only get 5 tries before they lock you out..

      1. Anonymous Coward
        Anonymous Coward

        Exactly what they're worried about

        Pretty sure they're worried about people stealing the hash for the lastpass password, which they can then attempt to brute force offline and gain access to all the other passwords. It is critical in that case.

  5. darren.b

    I changed mine anyway...

    ...even though I wasn't prompted to. It's simply not worth the risk having someone get access to such sensitive data.

  6. TonyHoyle

    No reset here

    Which is a relief.

    They did the right thing. Properly functioning auditing detected the anomaly, they investigated and even though they can't prove it's a compromise took the decision to err on the side of caution before it became a full blown breach.

    Much better than certain large consumer electronics companies I could mention.

    1. G C M Roberts
      Thumb Up


      Speaking of which can any readers remind me of my credit card expiry date and my EQ2 login details? Ta.

      1. >Geoff

        @G C M Roberts

        Your credit card expiry date is 08/11.

  7. Pat 11

    Some things do not belong in the cloud

    If you store your important logins on a remote server not under your control, the very best of luck to you. Some things are best not in the cloud.

    1. Captain Scarlet Silver badge

      Little bit of paper

      Same with the little bit of paper, which was destroyed by the washing machine :'(

  8. Highlander

    So, it's not just Sony that get's hacked?

    Interesting story, I wonder where the hate is? Surely after Sony's example, every organization that get's hacked should be subject to several stories that offer increasingly speculative worst case scenarios and bias against the organization that was hacked? Where are all the words of blame? Good lord, this is a password management company, they were a target the moment they commenced operation, and they know/knew it. Considering the service they offer, I can only hope that they quickly determine how someone got into their systems and do take the opportunity to improve their hashing.

  9. Fred Flintstone Gold badge

    Ah, the irony of it..

    So this is the site that wants you to store all their passwords with them?

    Whoehahahaha! HihiHAAAAAAHAHAHAHAHAAAA Hi. HaHAAAAAAAAHAHAHA. Hihi, hi, hahahaha, hihihaha, hi, snirf (wiping eyes and blowing nose). And it's not even Friday yet. Hahahaha. Cough.

    This deserves some sort of award..

    1. Scorchio!!
      Thumb Up

      Re: Ah, the irony of it..

      "So this is the site that wants you to store all their passwords with them?"

      Cloud mania again. I wouldn't trust any third party with my passwords for the security reason among others, and I'll continue to use Mirek W's PINs, which I carry around with me and use to access password protected files, and store in a True Crypt container when I travel:

      I can use this even when my ISP or the LastPass provider is down.

  10. Anonymous Coward

    Why the schadenfreude ?

    In today's world, a password manager is an essential tool. They only way a person who is reasonably net-enabled could avoid the need for one, is to use the same password fo all sites (or some fairly easy to mangling). OK, some password managers can run in portable USB format, which is great - until you get a PC with a disabled USB port. So a cloud-based system is pretty nifty.

    Given that LastPass is FREE, if you're so inclined, I don't think they're doing such a bad job. Certainly made my life easier. And having been hit by this myself, and unable to access my vault online, I am seriously impressed that they quickly posted a link to "LastPass Pocket" which allows you to access your locally stored cache.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021