breach

White House proposes cybersecurity legislation

The White House today sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities.

This proposal seems designed to prod the legislative branch to enact by the end of the year some variety of cybersecurity legislation, which has been stalled by concerns about privacy, Internet "kill switches," and overreaching regulation. One proposal from Sen. Jay Rockefeller (D-W.V.), for instance, would have explicitly given the government the power to "order the disconnection…

What LastPass security issue means for RoboForm (Q&A)

After LastPass reported a possible security breach and potential theft of some of its users' master passwords last week, we wondered what it meant for other password managers, such as RoboForm.

Both LastPass and RoboForm help you create and manage strong passwords to log into the increasing array of secure Web sites that we all juggle these days. But is there an inherent vulnerability in relying on a single service to keep track of all your passwords? Should RoboForm users be concerned about the possibility of a similar "anomaly" exposing any of their data?

To answer those questions and learn how RoboForm strives to keep its own customers' data secure, CNET recently spoke with Bill Carey, RoboForm's vice president of marketing.

Q: Bill, from what you may know of what happened at LastPass, what was your take on it?

Carey: That's a good question. I don't think anybody really knows what happened yet. I'm not even sure LastPass really knows what happened yet. I've read some of the articles and I read their blog, and they said there was an anomaly. It appears someone had access to their servers for a certain amount of time and that there could've been a transfer of data. But I don't think it would be fair for me to comment on it because I'm not really sure what happened yet. But I appreciate that you're writing it from our standpoint because no one's really thinking about "well, who else is out there and what are they doing and how are they protecting [their data]."…

Sony considers offering reward to help catch hackers

AllThingsD

Still coping with the aftereffects of a pair of attacks that has compromised as many as 100 million accounts and which caused two online gaming services to be taken offline, Japanese electronics giant Sony is considering offering a reward for information leading to the arrest and prosecution of the attackers, people familiar with the matter say.

The company hasn't reached a final decision concerning whether it will offer a reward, and may decide not to do it at all, but the option is on the table, sources told me today. The fact that Sony is considering a reward at …

Why potential LastPass data breach isn't last straw

Popular third-party password manager LastPass revealed yesterday that it may well have been hacked and that some e-mail usernames and master passwords may have been stolen. Does this mean it's time to migrate to another password manager, or even abandon the entire concept of online password management for a pen-and-paper solution?

Given the facts of the situation from LastPass' blog post explaining what happened, I'd say no to giving LastPass the boot, and definitely not to abandoning digital password management for a "little black book."

Leaving a paper trail is a horrendous idea for two reasons. …

N.Y. attorney general subpoenas Sony

The top law enforcement official for the state of New York wants to know more about how Sony's data server security was circumvented in a cyberattack on its PlayStation Network two weeks ago.

On Tuesday, New York Attorney General Eric Schneiderman issued a subpoena to three of the company's business divisions--Sony Computer Entertainment America, Sony Network Entertainment, and Sony Online Entertainment.

The subpoena is the latest step in probes by legislative and law enforcement officials into what enabled a hacker to gain access to the names, addresses, birthdates, e-mail addresses, and passwords of more than 100 million …

LastPass forcing members to change passwords

Users who manage and store their passwords through password management service LastPass are being forced to change their master passwords after the site noticed an issue this week that raised the spectre of a possible security breach.

As described in a blog yesterday, LastPass recently followed a string of breadcrumbs that pointed to an anomaly in its network traffic on Tuesday. Though such anomalies aren't unusual, LastPass found a matching anomaly in one of its databases. Unable to identify a root cause for either anomaly, the company made the decision to assume the worst--that some of its data …

Sony says planted file in attack was named 'Anonymous'

While he did not say the Anonymous hacker group stole Sony customer data, the chairman of Sony Online Entertainment told a Congressional subcommittee today that the timing of the breach and evidence found during the investigation point toward the group, even if it wasn't directly responsible.

A file planted on a Sony Online Entertainment server during the computer intrusion was named "Anonymous," Kazuo Hirai, chairman of the board of directors of Sony Computer Entertainment America, said in a written response to questions posed by the Subcommittee on Commerce, Manufacturing, and Trade, which is part of the U.…

Why has Sony's CEO remained silent on security breach?

We've asked a lot of questions about the Sony security breach, some of which Sony has been able to answer. But here's a big so far unanswered one: where has Howard Stringer been?

As chairman, chief executive, and president of Sony, he's been strangely silent on the failure of his company's networked entertainment security systems, which were hacked more than two weeks ago.

When PlayStation Network went offline April 20, Sony communicated with customers via its official PlayStation Blog. Company spokesman Patrick Seybold periodically posted tidbits of information about the outage and repeatedly apologized for the …

Senator slams Sony's response to security breach

Governmental pressure is building on Sony for more information about its apparent security problem.

U.S. Sen. Richard Blumenthal (D-Conn.) sent a letter to Sony today criticizing the company's handling of a massive security breach that affected its PlayStation Network accounts two weeks ago, according to a New York Times report. The letter comes on the heels of yesterday's revelation that more data may have been stolen as part of the computer attack.

"I am deeply concerned about the egregious inadequacy of Sony's efforts thus far to notify its customers of these breaches or to provide …

The PlayStation Network breach (FAQ)

It's been a roller coaster of a couple of weeks for Sony and its customers.

What at first seemed like an embarrassing network outage that kept customers from accessing PlayStation Network, Sony's online game play and streaming video service, turned out to be much worse: a sophisticated cyberattack made off with the customer data of 77 million PSN and Qriocity customers.

Sony wasn't very forthcoming with information at first--it was a couple days before it acknowledged why PSN was offline, and two days after that it confirmed the security breach. Then over the weekend, the No. 2 …