Password Management Company Shows How to Handle Data Breach
The online password management company LastPass is urging its members to change their master passwords as a precaution against what may turn out to be a serious data breach.
LastPass, a free service that stores all a person’s different passwords in one location, issued a warning on its website May 3 that it noticed “a network traffic anomaly” affecting one of the company’s “non-critical machines.”
Although the warning said this happens occasionally, LastPass found a similar problem on another database, and, as a precautionary measure, decided to arm itself and its customers in the event the traffic oddities turn out to be early symptoms of a large-scale data breach.
“We’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed,” the advisory said.
To mitigate what could result in attackers getting away with users’ passwords – which could then grant them access to a person’s private email or online bank account – LastPass urged all its users to change their login credentials and also validate their email addresses.
“We realize this may be an overreaction and we apologize for the disruption this will cause, but we’d rather be paranoid and slightly inconvenience you than to be even more sorry later,” LastPass wrote.
LastPass’ quick, decisive action came in contrast to the reaction of other companies to data breaches, notably Epsilon and Sony, which notified their customers days after their recent breaches. That notification often comes too late to protect to protect customers’ personal information.
Carole Theriault from the security firm Sophos agrees it’s better to be safe than sorry.
“I think LastPass are doing the right thing: they saw something odd. They cannot explain it. There is a risk that sensitive info is in the wrong hands, so they immediately go into action, explain with some detail why they are concerned, and tell you what to do about it,” Theriault wrote.
As LastPass said in its advisory: “We don’t have a lot that indicates an issue but it’s prudent to assume where there’s smoke there could be fire.”
This article was provided by SecurityNewsDaily.