Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers
Image via Shutterstock

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Square Cash Shop at amazon
as an LGF Associate!
Recent PagesClick to refresh
Donald Trump Calls for a Law We’ve Already Had for More Than 20 Years President Donald Trump wants Congress to pass a law denying welfare benefits to immigrants for five years... However, such a law already exists. As The Hill noted, the Personal Responsibility and Work Opportunity Reconciliation Act, which was signed into ...
Ace-o-aces
3 minutes ago
Views: 192 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Russians Targeted 21 Election Systems, U.S. Official Says Russian hackers targeted 21 U.S. state election systems in the 2016 presidential race and a small number were breached but there was no evidence any votes were manipulated, a Homeland Security Department official told Congress on Wednesday. Jeanette Manfra, ...
Tarkloon
12 hours, 44 minutes ago
Views: 235 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
The Tax Divide — Chicago Tribune Chicago has long been a city divided by race and class, a metropolis with starkly different crime rates, economic realities and educational opportunities depending on where you live. But there’s another division in Chicago and Cook County, one that ...
Birth Control Works
1 day, 23 hours ago
Views: 277 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 1
Comments: 0
: 1
Phoenix Flights Cancelled Because It’s Too Hot for Planes As temperatures climb in Phoenix, Arizona, more than 40 flights have been cancelled - because it is too hot for the planes to fly. The weather forecast for the US city suggests temperatures could reach 120F (49C) on Tuesday. ...
Tarkloon
1 day, 23 hours ago
Views: 443 • Comments: 0 • Rating: 1
Tweets: 31 • Share to Facebook
Shares: 1
Comments: 0
: 1
Presenting the Jay Sekulow Band Here's their cover of "Long Time" by Boston The band—featuring Sekulow on drums and guitar—includes John Schlitt, best known as the lead singer for the pioneering Christian rock band Petra, and John Elefante, the mustachioed former lead singer of ...
thecommodore
2 days, 14 hours ago
Views: 365 • Comments: 0 • Rating: 1
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
In Lynwood, Advanced Placement Classes Are No Longer Only for the Elite The school district’s hope is that the challenging AP courses inspire students to go straight from high school to college and help them do better when they get there. Research suggests that students who take more difficult high school ...
Birth Control Works
3 days, 1 hour ago
Views: 353 • Comments: 1 • Rating: 1
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
the Capital Region Yearns for More Ethnic Delis!blog.timesunion.com For pictures and videos, please click on the link above. Thanks.We’ve been living in the Capital Region of New York State for almost 24 years., and I really don’t have a lot of complaints. Oh sure, the Route 7 ...
rhoffman
3 days, 3 hours ago
Views: 315 • Comments: 0 • Rating: 0
Tweets: 5 • Share to Facebook
Shares: 0
Comments: 0
: 0
French Montana - Unforgettable Ft. Swae Lee"Unforgettable" ft. Swae Lee Available at iTunes: smarturl.itApple Music: smarturl.itSpotify: smarturl.itGoogle Play: smarturl.itAmazon Digital: smarturl.itDeezer: smarturl.itSoundcloud: smarturl.itTidal: smarturl.it French Montana online:frenchmontanamusic.cominstagram.com@FrencHMonTanAfacebook.com (C) 2017 Epic Records, a division of Sony Music Entertainment/Bad Boy Entertainment
Tarkloon
3 days, 12 hours ago
Views: 342 • Comments: 0 • Rating: 1
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Can One Get Blocked for Quoting Trump? Get blocked for just quoting? .Trump Quotes On 9/11: 'Thousands and thousands of people were cheering' 'A total and complete shutdown of Muslims entering the US" 1/5 — Daniel Ballard (@RW_Conspirator) June 18, 2017 .Trump Quote "'I'd bring back ...
Unshaken Defiance
3 days, 19 hours ago
Views: 433 • Comments: 0 • Rating: 1
Tweets: 3 • Share to Facebook
Shares: 0
Comments: 0
: 0
Coconut Oil ‘As Unhealthy as Beef Fat and Butter’ It is packed with saturated fat which can raise "bad" cholesterol, says the American Heart Association in updated advice. Coconut oil is commonly sold as a health food and some claim the fat in it may be better for ...
Tarkloon
4 days, 2 hours ago
Views: 413 • Comments: 0 • Rating: 2
Tweets: 2 • Share to Facebook
Shares: 0
Comments: 0
: 0