LastPass Loses Passwords for 1.25 Million Customers to Hackers

[security curmudgeon <jericho () attrition org>]

http://www.businessweek.com/news/2011-05-05/lastpass-loses-passwords-for-1-25-million-customers-to-hackers.html

LastPass Loses Passwords for 1.25 Million Customers to Hackers
May 05, 2011, 12:03 PM EDT
By Michael Riley

May 5 (Bloomberg) -- LastPass, a company that offers to safeguard and 
simplify managing subscribers' online passwords, said hackers may have 
broken into its database and stolen information on as many as 1.25 million 
accounts.

The company.s service allows customers to use one password with enhanced 
security features to access multiple password- protected accounts for 
online banking, Internet shopping, and other secure sites. The Vienna, 
Virginia-based company posted a message on its website late yesterday 
alerting customers to the breach in its security.

Jeremy Conway, a researcher for the Portsmouth, New Hampshire, based 
cyber-security company NitroSecurity Inc., said the intrusion risks giving 
the hackers access to millions of different bank accounts, e-commerce 
sites and sensitive corporate networks.

"This could be the nastiest password hack in history," said Conway. 
"They've disclosed just enough so that customers can make all sorts of 
wild assumptions about how big the problem may be."

[..]

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/