LastPass Says Hackers May Have Stolen Password Data


Michael Riley

[Update: LastPass CEO Reveals details on security breach]

May 5 (Bloomberg) -- LastPass, a company that offers to safeguard and simplify managing subscribers' online passwords, said hackers may have broken into its database and stolen information on as many as 1.25 million accounts.

The company's service allows customers to use one password with enhanced security features to access multiple password-protected accounts for online banking, Internet shopping, and other secure sites. The Vienna, Virginia-based company posted a message on its website late yesterday alerting customers to the breach in its security.

Jeremy Conway, a researcher for the Portsmouth, New Hampshire-based cyber-security company NitroSecurity Inc., said the intrusion risks giving the hackers access to millions of different bank accounts, e-commerce sites and sensitive corporate networks.

"This could be the nastiest password hack in history," Conway said. "They've disclosed just enough so that customers can make all sorts of wild assumptions about how big the problem may be."

The scope of the losses will depend on how successful the intruders have been at penetrating the company's network.

The attack on LastPass follows a series of break-ins that have left companies informing customers sensitive data may have been lost. Early last month, millions of customer e-mail addresses were stolen from the computers of Alliance Data System Corp.'s Epsilon Data Management LLC, a Dallas-based provider of marketing services.

Cyber Intruder

Two weeks later, Sony Corp. reported that a cyber intruder stole personal information belonging to 77 million customers of its PlayStation Network.

Joe Siegrist, chief executive officer of Marvasol Inc., which does business as LastPass, said in an e-mail message today that he's urging customers "not to panic" and noted several measures the company is taking to limit the risk. The company is asking customers to re-set their master passwords, Siegrist said.

Companies like LastPass have grown in popularity in the face of growing internet-based fraud from software that steals passwords stored on individual computers.

"I've told people to go use LastPass," Conway said. "The company will have to take several specific measures following this incident before I'll feel like I can do that again."

--Editors: Fred Strasser, Stephen Farr
