Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers
Image via Shutterstock

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Square Cash Shop at amazon
as an LGF Associate!
Recent PagesClick to refresh
Feinstein Loses California Democratic Party’s EndorsementThe party outs a DINO? The real outcome of this could be running two D's and zero R's. California Democrats rebuked Sen. Dianne Feinstein at their annual convention this weekend, denying her the party’s endorsement in this year’s Senate race ...
Thanos
12 hours, 17 minutes ago
Views: 135 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Gothamist Properties Will Be Revived Under New Ownership Nearly four months after their billionaire owner shut them down, local news sites Gothamist, LAist and DCist will come back to life under new ownership: public radio stations. WNYC in New York will buy Gothamist, Southern California's KPCC will ...
Thanos
16 hours, 11 minutes ago
Views: 115 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Moon Taxi - Not Too Late (Official Video) Get Moon Taxi’s new album 'Let The Record Play' available now featuring "Two High" and "Not Too Late"! iTunes - smarturl.itAmazon - smarturl.itApple Music - smarturl.itSpotify - smarturl.itGoogle Play - smarturl.it Watch the official music video for “Two High” ...
Thanos
1 day, 11 hours ago
Views: 165 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Joshua Hedley - Mr. Jukebox (Official Video)Joshua Hedley - Mr. JukeboxDebut album coming 4/20/18 on Third Man RecordsPre-order + stream: smarturl.it joshuahedley.comthirdmanrecords.com Directed by: Travis NicholsonCinematography: Blake McClure and David Ogle Camera Operator: Andy Kugler Production Designer: Brit DoyleHair/Make-up: Olivia JeanEditor: Josh Shreeve
Thanos
1 day, 11 hours ago
Views: 190 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Live From Daryl’s House - ‘I’m Alright’On this episode of Live From Daryl's House, Kenny Loggins drops by to get "Footloose" with Daryl and his band.
Thanos
4 days, 1 hour ago
Views: 271 • Comments: 0 • Rating: 1
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Author Retraces Her Journey From Survivalist Childhood to Cambridge Ph.D. As a girl, Westover says, "There wasn't ever any question about what my future would look like: I would get married when I was 17 or 18, and I would be given some corner of the farm and my ...
Thanos
4 days, 15 hours ago
Views: 383 • Comments: 2 • Rating: 6
Tweets: 2 • Share to Facebook
Shares: 0
Comments: 0
: 0
Florida Republicans Choose Unregulated Murder Weapons Over Children’s LivesI keep drilling this to everyone who discusses this shooting. Republicans value ownership of unregulated murder weapons over children's lives. So much so that they voted along party lines with Stoneman Douglas students watching they voted to decline debate on ...
TDG2112
4 days, 23 hours ago
Views: 388 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Weekend Box Office: ‘Black Panther’ Bounds to Record-Shattering $218M-Plus Bow In a defining moment for Hollywood, Disney and Marvel Studios' Black Panther exploded at the Presidents Day box office, bounding to a record-shattering estimate of $192 million for the three-day weekend and a projected $218 million-plus for the four-day ...
Thanos
1 week ago
Views: 769 • Comments: 0 • Rating: 1
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Brandi Carlile - the Joke (Official Video) From the album "By The Way, I Forgive You" available now. elektrar.ec Directed by Danny Clinch Produced by Lindha Narvaez for MILKT Choreography by Peter Leung Ballet sequence filmed by Middle Table Productions Connect with Brandi: brandicarlile.com facebook.com @brandicarlile ...
Thanos
1 week, 1 day ago
Views: 835 • Comments: 0 • Rating: 1
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
School Shooter Nikolas Cruz Belonged to White Supremacist GroupThis my surprised face.... BREAKING: Nikolas Cruz, alleged perpetrator in the deadly school shooting in Parkland, Florida, was associated with white supremacist group Republic of Florida & participated in the group’s training exercises, according to the group’s leader. More info: ...
Scottish Dragon
1 week, 3 days ago
Views: 904 • Comments: 2 • Rating: 1
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0