Gartner has recenty predicted that by 2020, a corporate “no-cloud” policy will be as rare as a “no-internet” policy is today. CIOs will increasingly leverage a multitude of cloud computing providers across the entire IT stack to enable a huge variety of use cases and meet the requirements of their business unit peers. Indeed, the tides are shifting toward a “cloud-first” or even “cloud-only” policy... 

Marc Wilczek

LastPass Possibly Hacked, Cloud Security Concerns on the Rise

LastPass Possibly Hacked, Cloud Security Concerns on the Rise

Conspiracy theory admirers will be happy to hear the news that today, following Amazon’s outage and recent security breaches at Sony, cloud-based password storage and management company LastPass announced a possible successful hacker’s attack against its servers.

If you have a strong, non-dictionary-based password or pass phrase, this shouldn’t impact you – the potential threat here is brute-forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that’s immune to brute-forcing,” the company wrote in a blog post as cited by The Register.

To counter that potential threat, we’re going to force everyone to change their master passwords. Additionally, we’re going to want an indication that you’re you, by either ensuring that you’re coming from an IP block you’ve used before or by validating your email address…We realize this may be an overreaction and we apologize for the disruption this will cause, but we’d rather be paranoid and slightly inconvenience you than to be even more sorry later,” the blog post added.

LastPass’s security experts discovered unusual behaviour of their database server with more traffic going out compared to incoming data. Therefore, company’s specialists decided that such behaviour could be signalling a hackers’ activity related to siphoning out stored login credentials and other sensitive user data. The company decided to reset user master passwords in an attempt to protect customers from possible data leakage.
Actually, the web-based password-management company did not confirm that any sensitive user data have been stolen until now but chances are great that following unusual database server activity some users might witness their master passwords compromised. Master passwords are passwords that protect lists of passwords used to access other websites and online services in the cloud.

The company already announced it will enhance encryption algorithms used in protecting customers’ data and will introduce additional measures to secure sensitive data on its servers. LastPass’s experts are rumoured to suspect the hackers took advantage of the company’s VoIP service to get access to the company’s database and start extracting data. However, just a small amount of data had been extracted, so LastPass users should not be over-reacting to the news.

LastPass had experienced similar problems in the past with users not being affected by data leakage at the time of the previous security breach. Alarmingly, such accidents are becoming a routine in 2011 rising serious doubts whether users should take cloud security for granted. Both large corporations and start-up cloud companies experience the same kind of security problems, resembling past accidents that have troubled corporate and individual customers in the past. One would say that hackers’ activity is subject to the same fundamental factors that drive the stock market cycles unless global recession increasing number of hacking attempts are developing concurrently.

Obviously, tech community members should re-think their vision on cloud security and how these problems should be resolved.

By Kiril Kirilov

Kiril Kirilov

Kiril V. Kirilov is covering IT and business and finance topics as a full-time journalist and freelance writer for over two decades. He also deals with all things content strategy and content marketing.

Kiril analyses all business and new technology trends across the tech industry. He is also founder of a content strategy service.