Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers
Image via Shutterstock

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Recent PagesClick to refresh
‘Women Are Just Better at This Stuff’: Is Emotional Labor Feminism’s Next Frontier? We remember children’s allergies, we design the shopping list, we know where the spare set of keys is. We multi-task. We know when we’re almost out of Q-tips, and plan on buying more. We are just better at remembering ...
Birth Control Works
13 hours, 9 minutes ago
Views: 135 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 1
Comments: 0
: 1
Micki Piperno- La Zingara - Live at Auditorium Parco Della Musica La Zingara is a piece from Micki's latest record "Guitar Story"; you can listen to the preview on I-Tunes itunes.apple.com The video clip was filmed and produced by Tommaso Cassinis at Boogie studio in Rome. In this video Micki ...
Tarkloon
1 day, 1 hour ago
Views: 117 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Stranger Things 2017 : Set to Drop on Halloween 99 out of a hundred times, the missing kid is with a parent or relative. What about the other time? A love letter to the supernatural classics of the 80's, Stranger Things is the story of a young boy ...
Tarkloon
1 day, 14 hours ago
Views: 169 • Comments: 0 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Ash vs Evil Dead 2nd Season in 2017 Just days before the October 31 debut of the 10-episode series based on the Evil Dead movie franchise, the premium cabler today said the show will be back for another round. "One season isn't enough to satisfy the fans' ...
Tarkloon
1 day, 14 hours ago
Views: 174 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
LIGO Detects Gravitational Waves After a decades-long quest, The MIT-Caltech collaboration LIGO Laboratories has detected gravitational waves, opening a new era in our exploration of the universe. Read more: news.mit.edu Produced by MIT Video Productions and MIT News OfficeProducer/Editor: Bill Lattanzi Footage courtesy ...
Tarkloon
1 day, 15 hours ago
Views: 194 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
While We’re Watching the Scandals, Trump Is Dismantling the Federal Government. The rage felt by the president’s critics is real, and understandable, but it also plays into Trump’s broader agenda. His chief strategist Steve Bannon outlined that strategy this week at the Conservative Political Action Conference, describing it as nothing ...
Tarkloon
1 day, 16 hours ago
Views: 588 • Comments: 0 • Rating: 0
Tweets: 70 • Share to Facebook
Shares: 1
Comments: 0
: 1
Criticized by Peers, White House Counterterrorism Adviser Returns Fire "The statements made from the very beginning led me to believe that it was a prank call," Smith tells NPR. "Because he's calling me from a cellphone suggesting that he wants to talk about official business — specifically, elevating ...
Tarkloon
1 day, 17 hours ago
Views: 366 • Comments: 0 • Rating: 1
Tweets: 2 • Share to Facebook
Shares: 0
Comments: 0
: 0
Russian Defense Minister Says His Military Has Tested 162 Weapons in Syria Russian Defense Minister Sergei Shoigu made his way to the Duma, the lower house of parliament, on the eve of Defender of the Fatherland Day. The Feb. 23 national holiday was once known as Soviet Army and Navy Day, ...
Tarkloon
1 day, 17 hours ago
Views: 576 • Comments: 0 • Rating: 1
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Jordan Peele’s ‘Get Out’ Scares Way to No. 1 at Box Office During his Sundance post-screening Q&A, Peele added that Get Out “was a missing piece in the genre. One of my favorite movies is the Stepford Wives and the way it dealt with social issues in regards to gender. I ...
Tarkloon
2 days, 1 hour ago
Views: 904 • Comments: 0 • Rating: 1
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Democratic Victory in Delaware Special ElectionMore of this, please: In the most expensive special election in Delaware history ― a contest to decide which party controls the state Senate ― Democrat Stephanie Hansen was on track to annihilate her Republican rival on the back of ...
jhncsy
2 days, 1 hour ago
Views: 953 • Comments: 0 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0