Offline mode was operational, but didn’t kick in for many users
A six-hour disruption to LastPass on Tuesday that resulted in login errors for many users was caused by a failed server, the company has confirmed.
In a post-mortem of the outage, which occurred on November 20, LastPass CTO Sandor Palfy said the password vault service began to experience connectivity issues in its datacenters at around 9:00 EST.
“Eventually, we determined that a server failed in a way that overwhelmed the internal network, slowing down other servers and network devices, as well as the connectivity between our datacenters,” Palfy explained in an update to users.
“This resulted in slow or failed logins globally.”
During the outage, most users were able to access their passwords through offline mode, which provides access to the password vault even there’s no internet connection.
However, although this mode is automatically enabled when no connection is detected, Palfy said the intermittent connectivity issues throughout November 20 resulted in the mode failing to engage, causing additional frustration for affected users.
“This discrepancy yielded one of the first actionable takeaways of the day: a careful review of our offline mode to make improvements, where necessary, and to capture additional failure scenarios such as this one,” the CTO stated.
Although users of LastPass – one of the world’s most popular password managers – will no doubt be pleased to learn that the outage was not attributable to any security-related issues, Palfy acknowledged the frustrations caused by the lock out.
“While some users were still able to access their LastPass vault during this time, many were unable to do so, which we acknowledge is unacceptable for a tool that provides individuals and businesses with access to their important information,” he said
“We wanted to first and foremost apologize to our users, as well as clarify that you do not need to take any action on your account.”
All LastPass services are now back online and working normally.
RELATED Subdomain autofill feature raises questions over LastPass security