LastPass Says Hackers May Have Stolen Password Data

According to Businessweek, “LastPass, a company that offers to safeguard and simplify managing subscribers’ online passwords, said hackers may have broken into its database and stolen information on as many as 1.25 million accounts.”  LastPass is the tradename of a Virginia company called Marvasol Inc.

LastPass touts itself as a safe and secure place for your most important data.


Kelly Jackson Higgins of Information Week states the obvious irony:

“The “last password you’ll ever need” now requires a reset: LastPass is forcing users of the password manager service to change the single master password they created for accessing websites, virtual private networks, and Web mail accounts via the tool. The move comes in response to the company’s discovery of unusual network activity around one of its databases.”

Hiawatha Bray of the Boston Globe wrote a useful article on April 28th describing some of the steps people should take to protect themselves from identity theft in response to the recent hack of the Sony PlayStation Network.  She listed some typical advice:

  1. Use a a different password at every Internet site.
  2. Buy file encryption software to protect stored credit card data, Social Security numbers, and financial records.
  3. Write down which credit cards you’ve used to register at various online services.
  4. Check your bank and credit card statements online frequently.
  5. Consider putting a freeze on access to your credit reports (referencing a part of Massachusetts data protection laws).

In a twist of irony, Bray recommended using a password manager program, like LastPass.

“PlayStation Network users can start by changing their other passwords, and fast. And consider getting a password manager program, such as RoboForm or the one I use, LastPass. These programs automatically generate a new, tough password for every site, then save the passwords in encrypted files on your computer or smartphone, and on the Internet.”

Class action anyone?

This entry was posted in Information Security and tagged , . Bookmark the permalink.

Comments are closed.