Wednesday, May 11, 2011

LastPass Hacked with Possible Data Leaks

This is starting to look like "hacks and leaks season". After Sony's PSN being hacked twice this spring, now it was password management program developer's network, LastPass to be targeted by hackers.

Three month after "one million people have said "goodbye" to password insanity", LastPass announces its users, through an email, that on may 3rd "suspicious network activity" has been detected on their internal network. Investigations determined there is a possibility that "limited amount of data was accessed". As a security measure, LastPass locked down all accounts and prevented access from unknown locations. However, LastPass does not have access to users master password or confidential data.

As an emergency reaction, LastPass quickly implemented a security layer based on the account/IP correspondence. To avoid access from unauthorized IPs, users were forced to set passwords per specific IP they will be connecting from after verifying the email address. To further secure user accounts, LastPass now requires user to verify their identity when logging in. Users are prompted to validate their email when trying to log in from a new location. This prompt will continue to appear until the user changes his master password or indicates that he is comfortable with the strength of the current master password.

What is LastPass ?
An online password manager and form filler that makes web browsing easier and more secure.

How to use LastPass ?

Watch the rest of the screencasts here.

Watching those videos you will see what a great piece of software LastPass is. If you are in doubt because of this hack, read their blog and see how professional and quick their reaction was, also they  immediately let their users know about the issue, unlike Sony, who needed more than a week to let people know their data might be in the wrong hands.