BreachExchange mailing list archives

LastPass CEO reveals details on security breach


From: security curmudgeon <jericho () attrition org>
Date: Fri, 6 May 2011 13:54:53 -0500 (CDT)


http://news.cnet.com/8301-1009_3-20060464-83.html

May 6, 2011 10:19 AM PDT
LastPass CEO reveals details on security breach
by Lance Whitney

Following yesterday's revelation of a likely security breach at password 
management company LastPass, the company's CEO is revealing more details 
about the incident and trying to offer some comfort and advice to his 
users.

Speaking yesterday with PC World, LastPass CEO Joe Siegrist admits he may 
have been too "alarmist" in sounding the alarm bell over the potential 
security breach. But the anomalies the company found when looking over its 
logs raised too much of a red flag.

Siegrist explained that he doesn't think a lot of data would've been 
hacked, but just enough to capture a small number of user names and 
passwords. Though the passwords were in an encrypted format, those 
combined with the usernames could give hackers enough of a starting point 
to hunt for accounts with weak master passwords. The use of a master 
password is critical as it can unlock the door to all of a user's Web site 
passwords, one reason why sites like LastPass urge users to use complex, 
non-dictionary passwords.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
