LastPass suspected breach forces password change

The 'second-to-last password you'll ever need'

Password management firm LastPass is forcing its users to change their master passwords after discovering a possible breach to its database.

The master password is used by LastPass customers to log on to the service.

The firm is currently saying in its blog that about five per cent of its users are affected.

However, since telling customers to change their master passwords, the company has been overwhelmed with support calls.

"Record traffic, plus a rush of people to make password changes is more than we can currently handle," the firm wrote in the blog.

The breach was discovered earlier this week when analysis of unusual traffic patterns revealed remote access to the company's secure database.

LastPass opted for safety-first.

"Because we can't account for this anomaly... we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed," the company wrote.

"We know roughly the amount of data transfered and that it's big enough to have transfered people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users' encrypted data blobs," the blog continues.

LastPass' slogan - "the last password you'll ever need" - has inevitably been derided by the company's users.

"The LAST password you ever had to remember huh? Nice... now I have to train all my family members to learn yet another password *cry*. Not your fault, but not very convenient!" wrote one.