June 16, 2015
While I was stuck in the airport in Zurich on Monday it appears that the folks at Lastpass was having a far worse day. It seems somewhat fitting that a data breach like this would surface while I’m attending the FIRST incident responders conference in Berlin this week. The password management makers, Lastpass, announced on Monday June 15th that they had become an unwilling addition to the long list of companies that have suffered from a data breach.
On Friday June 12th the company discovered what they referred to as “suspicious activity” on their network. This activity resulted in the exposure of a user email addresses, password reminders salts and authentication hashes. Ouch. They did point out that there did not seem to be any attempts made to access user accounts themselves. No mention was made however as to when this suspicious traffic first began on the Lastpass network.