Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - LastPass Problems InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

LastPass Problems

Published: 2011-05-05
Last Updated: 2011-05-05 15:14:37 UTC
by Chris Carboni (Version: 1)
9 comment(s)

Scott writes:

"It seems that LastPass is claiming a possible breach and has taken extraordinary measures that may be causing a bigger issue.

http://blog.lastpass.com/2011/05/lastpass-security-notification.html

Users are reporting the inability to get access to their data, and when I finally completed the REQUIRED migration process, my data appears corrupted and unusable. A second has already reported the same coruption. So this is not an isolated case.

http://forums.lastpass.com/viewtopic.php?f=12&t=24329&start=50

There is no followup from support yet, so who knows, but I strongly suspect my data is irrevocobaly lost, as that was a one time data reencrytion process (with no option to perform a backup!)

Recommendation for other LastPass users - wait until support comes back with an update."

John sent us a link to a Brian Krebs article on the topic

http://krebsonsecurity.com/2011/05/lastpass-forces-users-to-pick-another-password/

Leave a diary comment and let us know what you think about password managers and how you (hopefully) manage unique usernames and passwords for every site you visit.

Personally, I have an algorithm I've developed that allows me to determine a unique username and password for every online account I have, that I can figure out when arriving at the site.

Christopher Carboni - Handler On Duty

Keywords:
9 comment(s)
Diary Archives