LastPass may have been hacked

Original author: Brennon Slattery, PCWorld

LastPass, a multi-platform online password manager, has detected abnormal network traffic that may have been the result of a hacker attack. Users of the service would do well to change their passwords.

LastPass, which positions itself as "the only password you need to remember," is an extension for all popular browsers. It automatically fills out forms with previously saved data and, with the click of a button, synchronizes personal data across the different computers that you use.

The company’s blog says that abnormal traffic was recorded on a non-critical server. Employees investigated this anomaly, but could not establish its cause. Then, a stream of outgoing traffic from one of the closed databases was noticed. “Since we cannot explain the reason for what happened, you can consider us paranoid, but we assume the worst - someone managed to gain access to the data stored in this database.”

The amount of stolen data is known to have been quite large, and it may well include customer email addresses and hashed passwords. However, the volume was reportedly not large enough to affect all users; only some of them were hit.

The LastPass team strongly recommends changing the master password. In addition, the service will verify users by checking their IP address or through mailbox authentication.

Although the extent of the losses is still unknown, for LastPass (named one of the best programs of 2009 by PCWorld) this situation may become an opportunity to test its new security mechanism: PBKDF2 (Password-Based Key Derivation Function 2) using SHA-256 on the server, with 256-bit encryption and 100,000 iterations.
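A server-side password store built on PBKDF2 with SHA-256 and the 100,000 figure quoted above, as an added example that is not LastPass's code. The record format, the 256-bit salt and output sizes, and all function names are assumptions made for illustration; the `login` step shows how records stored with a lower count can be upgraded when the user next authenticates.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"
ITERATIONS = 100_000  # figure quoted in the article
SALT_BYTES = 32       # assumption: 256-bit random salt per account
KEY_BYTES = 32        # assumption: 256-bit derived value


def hash_password(password, iterations=ITERATIONS):
    """Return a storable record: scheme$iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, KEY_BYTES)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, count, salt_hex, hash_hex = record.split("$")
        expected = bytes.fromhex(hash_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(count), len(expected))
    except (ValueError, OverflowError):
        return False  # malformed or truncated record
    return scheme == SCHEME and hmac.compare_digest(dk, expected)


def needs_rehash(record):
    """True when a record predates the current scheme or iteration count."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME or not parts[1].isdigit():
        return True
    return int(parts[1]) < ITERATIONS


def login(password, record):
    """Verify, and hand back an upgraded record if the stored one is weak."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        record = hash_password(password)  # plaintext is only available at login
    return True, record
```

Because the iteration count is stored in each record, the work factor can be raised later without invalidating existing accounts.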

Against the backdrop of recent identity-theft incidents (the most prominent example being Sony and approximately 77 million affected PlayStation Network users), it is actually a good thing that LastPass is taking this “paranoid” approach.

UPD, thanks alesot

The service is now experiencing extreme load, so we are intentionally connecting you offline.

Update 2, 2:15 pm EST: A record level of traffic plus a huge number of people trying to change their password exceeded our request processing speed.

We are changing tactics - if you have already managed to change the password, your request will be processed as usual.

If you have not changed your password, your request will be processed offline, so you can still use LastPass as usual. Only password synchronization will suffer, and you will see a warning panel.

As soon as the load decreases, we will increase the percentage of password-change / e-mail verification requests sent for processing.

For those who have any problems, write to us at support@lastpass.com.
We have seen several messages about unsuccessful password changes; we think that this is due to downloading the old version.

Click on the LastPass -> Clear Local Cache icon and try again; it should work.
