Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers
Image via Shutterstock

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Square Cash Shop at amazon
as an LGF Associate!
Recent PagesClick to refresh
Most White Evangelicals Attribute Intense National Disasters to the Apocalypse, Not Climate Change These people were once just a local nuisance in certain backward regions of the south. Then they spread their commercial superstition into practically every suburb and hamlet in the United States. Now, with their man Trump in power, they ...
Shiplord Kirel, live from behind wingnut lines
4 hours, 57 minutes ago
Views: 69 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Ratko Mladić Convicted of War Crimes and Genocide at UN Tribunal More than 20 years after the Srebrenica massacre, Mladic was found guilty at the United Nations-backed international criminal tribunal for the former Yugoslavia (ICTY) in The Hague of 10 offences involving extermination, murder and persecution of civilian populations. As ...
Thanos
10 hours, 4 minutes ago
Views: 79 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Portugal. the Man - Feel It Still [2017 American Music Awards Performance] portugaltheman.com WOODSTOCK available now!atlantic.lnk.to Go to feelitstill.com for the interactive version of the "Feel it Still" video. There you'll find 30 tools of #theresistance to fight apathy and injustice hidden in the film. Follow Portugal. The ManWebsite: portugaltheman.comFB: facebook.com ...
Thanos
1 day ago
Views: 143 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Do-It-Yourself ‘Ghost Guns’ Bypass Background Checks and Firearm Registration When Kevin Neal went on a deadly shooting rampage last week in California, he was armed with at least two semi-automatic rifles, known as "ghost guns," that he didn't buy in a store or from a gun dealer, authorities ...
Thanos
1 day, 1 hour ago
Views: 872 • Comments: 1 • Rating: 0
Tweets: 2 • Share to Facebook
Shares: 0
Comments: 0
: 0
Donald Trump Doesn’t Believe Women, but He Does Believe Roy Moore. On Tuesday, President Donald Trump tiptoed up to the edge of (re)endorsing Alabama Senate candidate Roy Moore, who has faced a barrage of credible allegations that he romantically pursued teenagers routinely in his hometown of Gadsden while he was ...
Thanos
1 day, 1 hour ago
Views: 128 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
The Smiths - How Soon Is Now? (Official Music Video) Watch the official music video for "How Soon Is Now"Amazon: po.stiTunes: po.stGoogle: po.stFacebook: po.st "How Soon Is Now?" was originally a B-side of the 1984 single "William, It Was Really Nothing". "How Soon Is Now?" was featured on the ...
Thanos
3 days, 8 hours ago
Views: 328 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
2017 Hurricanes and Aerosols Simulation This is fascinating, I recommend full screen How can you see the atmosphere? By tracking what is carried on the wind. Tiny aerosol particles such as smoke, dust, and sea salt are transported across the globe, making visible weather ...
Thanos
3 days, 11 hours ago
Views: 323 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Incredibles 2 Official Teaser Trailer The teaser trailer for "Incredibles 2" is here. Disney/Pixar's "Incredibles 2" opens in theatres in 3D June 15th, 2018. Everyone’s favorite family of superheroes is back in “Incredibles 2” – but this time Helen (voice of Holly Hunter) is ...
Thanos
4 days, 10 hours ago
Views: 391 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Deadpool’s “Wet on Wet” Teaser After surviving a near fatal bovine attack, a disfigured cafeteria chef (Wade Wilson) struggles to fulfill his dream of becoming Mayberry’s hottest bartender while also learning to cope with his lost sense of taste. Searching to regain his spice ...
Thanos
6 days, 10 hours ago
Views: 684 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Voice of America Reporter Outed as Alt-Right However, using information Fatzick himself posted on Reddit — including his age, girlfriend’s name, former employers, friends, location, educational background, and sports affiliations — this reporter was able to tie the vile posts of UncleSam4200 to the Voice of ...
Thanos
1 week, 1 day ago
Views: 866 • Comments: 4 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0