BreachExchange mailing list archives
LastPass CEO reveals details on security breach
From: security curmudgeon <jericho () attrition org>
Date: Fri, 6 May 2011 13:54:53 -0500 (CDT)
http://news.cnet.com/8301-1009_3-20060464-83.html May 6, 2011 10:19 AM PDT LastPass CEO reveals details on security breach by Lance Whitney Following yesterday's revelation of a likely security breach at password management company LastPass, the company's CEO is revealing more details about the incident and trying to offer some comfort and advice to his users. Speaking yesterday with PC World, LastPass CEO Joe Siegrist admits he may have been too "alarmist" in sounding the alarm bell over the potential security breach. But the anomalies the company found when looking over its logs raised too much of a red flag. Siegrist explained that he doesn't think a lot of data would've been hacked, but just enough to capture a small number of user names and passwords. Though the passwords were in an encrypted format, those combined with the usernames could give hackers enough of a starting point to hunt for accounts with weak master passwords. The use of a master password is critical as it can unlock the door to all of a user's Web site passwords, one reason why sites like LastPass urge users to use complex, non-dictionary passwords. [..] _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- LastPass CEO reveals details on security breach security curmudgeon (May 06)