If you use LastPass as your password manager, it's time to change your master password. As explained in a blog post from LastPass, they noticed an issue yesterday and wanted to alert everyone. As a precaution, they are also forcing everyone to change their master password.
The reason for this:
They noticed an anomaly in the network traffic on one of their non-critical machines and could not attribute it to a valid source, so they are assuming the worst, most paranoid case: that someone did access some data stored in the database.
Also, it looks like even if someone did try to access some data, the method would be brute force, which means using dictionary words to guess the master password. So if you use a dictionary word as your master password, you must change it as a precautionary measure.
If you have a strong, non-dictionary based password or pass phrase, this shouldn’t impact you – the potential threat here is brute forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that’s immune to brute forcing.
We can't term this as a data breach or security breach. It's good that they are informing users, as many other companies might cover up a small issue like this.
Ashwin
May 5, 2011 @ 1:37 PM
Yikes, I better change mine. Thanks for the heads up, Avi.
PS: I don’t use any dictionary words though
Niroop
May 5, 2011 @ 7:22 PM
Use KeePass. It is awesome.