Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers
Image via Shutterstock

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Square Cash Shop at amazon
as an LGF Associate!
Recent PagesClick to refresh
NRA & Trump Treason: Maria Butina Pleads Guilty, Flips on Them All the shoes appear to be dropping now. Maria Butina, the Russian "sparrow" who infiltrated the NRA with the assistance of dimwitted, horny GOP operatives, has now plead guilty and is cooperating with the Mueller investigation. Prosecutors in their ...
Khal Wimpo (the extinguisher of tiki torches)
8 hours, 26 minutes ago
Views: 137 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Day After Neo-Nazi Is Convicted of Murder, Associates of a Violent Skinhead Group Charged With Hate Crimes Travis David Condor, a member of the band Birthrite and head of hate-music record label American Defense Records, was among nine people arrested at a bar in Lynwood, Washington, early Saturday morning. The Snohomish County Sheriff's Office said in ...
Thanos
1 day, 15 hours ago
Views: 231 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Embattled Washington Rep. Matt Shea Is Skirting State Law to Funnel Campaign Funds to Far-Right Groups Shea uses his office and campaign funds to spearhead a partitionist effort to split Washington into two states, and may have violated state laws by using surplus campaign funds to make at least $5,500 in contributions to far-right nonprofit ...
Thanos
1 day, 16 hours ago
Views: 145 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
The Outer Worlds - Official Announcement Trailer Watch the official announcement trailer for The Outer Worlds, a new single-player first-person sci-fi RPG from Obsidian Entertainment and Private Division. In The Outer Worlds, you awake from hibernation on a colonist ship that was lost in transit to ...
Thanos
2 days, 5 hours ago
Views: 146 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
The Umbrella Academy When it rains, it pours. Here's your first look at The Umbrella Academy. Coming to Netflix February 15. A dysfunctional family of superheroes comes together to solve the mystery of their father's death, the threat of the apocalypse and ...
Thanos
2 days, 6 hours ago
Views: 132 • Comments: 0 • Rating: 0
Tweets: 2 • Share to Facebook
Shares: 0
Comments: 0
: 0
Elvis Costello & the Imposters - Suspect My Tears The new deluxe album ‘Look Now’ out now, order here: elviscostello.lnk.to Explore more music from Elvis Costello: lnk.to Follow Elvis Costello:Facebook: facebook.comInstagram: instagram.comTwitter: twitter.comWebsite: elviscostello.com Director & Original Story - MustashrikExecutive Production - Whitney JacksonProduced by Partizan VFX Supervisor ...
Thanos
2 days, 7 hours ago
Views: 190 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
VULFPECK /// Half of the Way (Feat. Theo Katzman) VULFPECK /// Half of the Waybuy on bandcamp → vuuulf.com Theo Katzman — vocalsLarry Goldings — piano, composerRyan Lerman — guitar, composer, engineerJoey Dosik — saxWoody Goss — tambourineJack Stratton — drums, mixingJoe Dart — fender bassCory Wong — ...
Thanos
2 days, 7 hours ago
Views: 112 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Storyhill - Blazing Out of Sight (Live at Radio Heartland)Storyhill perform "Blazing Out of Sight," from their 2007 self-titled album as well from the 2018 compilation, "Stages," live at Radio Heartland.
Thanos
2 days, 7 hours ago
Views: 127 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
How Smooth Jazz Took Over the ’90s You should give smooth jazz a chance. Subscribe to our channel! goo.gl Smooth jazz has gotten a bad rap for decades. It’s often associated with background music for elevators or the soundtrack at the dentist office. Smooth jazz is ...
Thanos
3 days, 17 hours ago
Views: 152 • Comments: 1 • Rating: 1
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Feds Target Butina’s GOP Boyfriend as Foreign Agent Paul Erickson, a longtime Republican politico whose Russian girlfriend is in jail on charges she acted as a covert foreign agent, has been informed that he may face similar accusations. The Daily Beast reviewed a so-called “target letter” that ...
Thanos
5 days, 18 hours ago
Views: 229 • Comments: 1 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0