chicagovps.net user database hacked? Lastpass security email

acollins Member
edited March 2013 in General

Did anyone else get an email from Lastpass saying that the chicagovps.net database was hacked on Feb 28 and was posted on Mediafire?

Hello,

Hackers claim to have hacked the site chicagovps.net on 2013-02-28 and we've detected that your email address was included in the data published as part of the leak. The full description of the leak is as follows:

The hacker known as NITEDREAM has published an archive to MediaFire.com, consisting of a MySQL dump that seems to belong to chicagovps.net. The data contains dumps of several DB tables, including account credentials for admin accounts.

Please update the password for your chicagovps.net account immediately. The LastPass Security Challenge, located in the Tools menu of the LastPass addon, will help find any other accounts using the same password as the leaked account.

Thanks,
The LastPass Team

Comments

  • Ssshhhhh. If we close threads discussing it, it never happened.

  • Sorry, I thought I searched but apparently was not thorough enough.

  • vedran Veteran

    Wait, what? LastPass found your email in the database dump and emailed you? Is that something they usually do?

  • Wait, what? LastPass found your email in the database dump and emailed you? Is that something they usually do?

    I never have received an email like this before from Lastpass, but I also never received the earlier email from chicagovps...

  • @vedran said: Wait, what? LastPass found your email in the database dump and emailed you?

    Looks more like they found out that:

    1. @acollins has a password for a ChicagoVps.net account stored in LastPass

    2. LastPass found out that ChicagoVPS got hacked

    So they alerted everyone that is potentially at risk due to the hack

  • I think LastPass downloads the files, scans them for matching e-mails, then e-mails affected clients who are signed up to them. Nifty, but scary, considering they then have your details in a DB ^^

  • jarjar Patron Provider, Top Host, Veteran

    @vedran said: Wait, what? LastPass found your email in the database dump and emailed you? Is that something they usually do?

    Seriously sums up what I just thought. I understood LastPass to be an application, is it a service? A team of people looking out across the internet for the safety of your data across the internet?

    Cool in a way, unless they're out there googling your info all the time ;)

  • KuJoe Member, Host Rep
    edited March 2013

    That's what I call above and beyond. Telling somebody (who previously didn't know) about their password for a completely unrelated service being compromised and then telling them how to minimize the impact.

  • So, and then that's why I don't trust that thing...

    Keepass and period.

  • Raymii Member
    edited March 2013

    As long as they don't look at my passwords I think it is a good idea to inform users that their data is leaked when the leaked service itself doesn't do it or provides incorrect information. Who knows Lastpass is on LET...

  • If you don't want them to see your passwords, you probably shouldn't use LastPass.

  • Amitz Member
    edited March 2013

    This thread won't stay open for long. Colocrossing/CVPS/LET Mafia Shit.

  • @Soylent said: If you don't want them to see your passwords, you probably shouldn't use LastPass.

    Good idea, it scares me that they even bother checking my passwords, might make an alternative when I have time

  • @yomero said: Keepass and period.

    don't forget pwgen (in every X months)

  • I actually think it's pretty good they respond to threats like this. They don't have access to your password, so it's a pretty safe process.

    @Soylent said:
    If you don't want them to see your passwords, you probably shouldn't use LastPass.

    You apparently haven't got a clue about how LastPass works.

    @yomero said: Keepass and period.

    Yeah, I know what you mean and I was just like that. However, I now use LastPass for all my "website" passwords, with two-factor (YubiKey) enabled and restricted mobile access. This is something I wasn't able to achieve with KeePass. I still use KeePass for all other passwords, but without two-factor because it's too complicated for mobile.

  • jarjar Patron Provider, Top Host, Veteran
    edited March 2013

    They check your email against PwnedList. I don't see a security threat in that. It's nice to see that they take an interest in actual security rather than passing the tool to the user and hoping they keep tabs on everything themselves. That's the kind of service I appreciate.

  • inb4 close

  • joepie91 Member, Patron Provider
    edited March 2013

    @KuJoe said: That's what I call above and beyond. Telling somebody (who previously didn't know) about their password for a completely unrelated service being compromised and then telling them how to minimize the impact.

    ... while the affected service still hasn't sent out an explicit advisory.

  • NickM Member

    And you guys say that there's no possible non-malicious reason for wanting to get a hold of the database... well, some of you here at LET, at least. You guys going to criticize LastPass for downloading the database? Even though they downloaded it so that they could notify people of the issue (since ChicagoVPS hasn't) ?

  • jarjar Patron Provider, Top Host, Veteran

    @NickM said: And you guys say that there's no possible non-malicious reason for wanting to get a hold of the database... well, some of you here at LET, at least. You guys going to criticize LastPass for downloading the database? Even though they downloaded it so that they could notify people of the issue (since ChicagoVPS hasn't) ?

    pwnedlist.com did it actually, I assume. LastPass may have, or may have just researched it. My guess is that if anyone wants to give pwnedlist a lecture, they'd be happy to play a little violin for them.

  • I got this email too. It's the only way I found out about it.
