LastPass Disclosure Shows Why We Can't Have Nice Things
08 May 2011
A few days ago, LastPass announced they would be forcing their users to change their master passwords in response to what was essentially "something weird":
"We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.
In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed."
LastPass acted exactly like we wish most companies would act: responsibly. And the media's response? Declaring LastPass "hacked" and "vulnerable", and placing them in the same category as Sony—who definitely were hacked—with sensationalist headlines like:
WARNING: Your Web Browser's Master Password May Have Been Stolen -- Change It Now
LastPass Has Been Hacked And Asking Everyone To Change Their Master Passwords
LastPass Hacked, Change of Master Password Urgent
LastPass Is Hacked – Change Your Master Password, But Don't Panic
Should the LastPass, Sony hacks make you fear storing data in the cloud?
LastPass Disclosure Shows Why We Can't Have Nice Things
08 May 2011
A few days ago, LastPass announced they would be forcing their users to change their master passwords in response to what was essentially "something weird":
"We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.
In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed."
LastPass acted exactly like we wish most companies would act: responsibly. And the media's response? Declaring LastPass "hacked" and "vulnerable", and placing them in the same category as Sony—who definitely were hacked—with sensationalist headlines like:
WARNING: Your Web Browser's Master Password May Have Been Stolen -- Change It Now LastPass Has Been Hacked And Asking Everyone To Change Their Master Passwords LastPass Hacked, Change of Master Password Urgent LastPass Is Hacked – Change Your Master Password, But Don't Panic Should the LastPass, Sony hacks make you fear storing data in the cloud?