Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team
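
To make the statement's point about salted, iterated hashing concrete, here is an added example (not LastPass's code and not part of the original post) of a per-user salt with 100,000 server-side PBKDF2-SHA256 rounds layered over a client-side hash, plus a measurement of what each guess costs against keyspaces of different strength. The client-side round count, the use of the email address as the client salt, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SERVER_ROUNDS = 100_000  # figure quoted in the LastPass statement
CLIENT_ROUNDS = 5_000    # assumption: the page gives no client-side count

def client_auth_hash(email: str, master_password: str) -> bytes:
    """Client side (assumed scheme): stretch the master password, salted with
    the account email, so the raw password never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ROUNDS)

def server_store(auth_hash: bytes) -> tuple[bytes, bytes]:
    """Server side: random per-user salt, then 100,000 more PBKDF2-SHA256 rounds."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)

def server_verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)

def seconds_per_guess(samples: int = 3) -> float:
    """Time one full client+server derivation on this machine (one CPU core)."""
    start = time.perf_counter()
    for i in range(samples):
        h = client_auth_hash("user@example.com", f"sample-{i}")
        hashlib.pbkdf2_hmac("sha256", h, b"\x00" * 16, SERVER_ROUNDS)
    return (time.perf_counter() - start) / samples

def years_to_exhaust(keyspace: int, per_guess: float) -> float:
    """Worst-case time to try every candidate at the measured rate."""
    return keyspace * per_guess / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample account, not real data.
    auth = client_auth_hash("user@example.com", "constructed-sample-pw")
    salt, stored = server_store(auth)
    print("verifies:", server_verify(auth, salt, stored))
    cost = seconds_per_guess()
    for label, size in [("10,000 common passwords", 10_000),
                        ("8 random lowercase letters", 26 ** 8),
                        ("4 random words from a 7,776-word list", 7776 ** 4)]:
        print(f"{label}: {years_to_exhaust(size, cost):.3g} years")
```

The figures are per salt and per CPU core; dedicated hardware is faster, so treat them as relative. What the comparison shows is that iteration slows every guess by the same factor, which leaves a master password drawn from a small list exposed while a long random one stays out of reach.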
