Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers
Image via Shutterstock

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Recent PagesClick to refresh
Labor Nominee Acosta Cut Deal With Billionaire Guilty in Sex Abuse Case There was once a time — before the investigations, before the sexual abuse conviction — when rich and famous men loved to hang around with Jeffrey Epstein, a billionaire money manager who loved to party. They visited his mansion ...
Birth Control Works
16 hours, 59 minutes ago
Views: 293 • Comments: 0 • Rating: 0
Tweets: 29 • Share to Facebook
Shares: 4
Comments: 0
: 4
While Gorsuch Was Testifying, the Supreme Court Unanimously Said He Was Wrong About 40 minutes after Supreme Court nominee Neil Gorsuch began his second day of testimony before the Senate Judiciary Committee, all eight of the justices he hopes to join said a major disability decision Gorsuch wrote in 2008 was ...
Birth Control Works
17 hours, 8 minutes ago
Views: 108 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Black & Missing in America - a Short Film Published on May 7, 2015 From OSCAR® and 16-time EMMY award-winning producer Arnold Shapiro and Director/Producer Marlene McCurtis - a short film that highlights the work of the Black and Missing Foundation, and their quest to provide a voice ...
Birth Control Works
17 hours, 38 minutes ago
Views: 89 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
500 Missing — Why You Should Pay Attention to DC’s Missing Girls if You Attended the Women’s March Though months have passed since the Women's March united women around the nation in January, its mission to stand up for the rights of those who are most vulnerable cannot afford to slip into the background. And this applies ...
Birth Control Works
17 hours, 41 minutes ago
Views: 129 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Rewire -‘Issues in Law & Medicine’: A One-Stop Journal for Anti-Vaccine, Anti-Abortion PseudoscienceUnsurprisingly creationists aren't the only ones who produce fake academic journals. It turns out that anti abortion, and anti vaccination ideologues do the same thing, only in the case of "Issues in Law & Medicine," the people behind it, arguably ...
CriticalDragon1177
17 hours, 49 minutes ago
Views: 189 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Trump Did to Merkel What Men Do to Women All the Time Tuesday 21 March 2017 06.00 EDT Last modified on Wednesday 22 March 2017 11.22 EDT A few years ago, my husband and I ran into a mutual acquaintance at a restaurant. This young man – a person who would ...
Birth Control Works
18 hours, 1 minute ago
Views: 245 • Comments: 0 • Rating: 0
Tweets: 2 • Share to Facebook
Shares: 1
Comments: 0
: 1
‘Wife Beating Is Not a Matter of ‘Differences of Opinion”: Domestic Violence Groups Blast Oberweis - Aurora Beacon-News For a man intelligent enough to amass a fortune in business, state Sen. Jim Oberweis (R-Sugar Grove) can display a head-shaking lack of common sense and courtesy. You may have heard by now how ice-cream magnate Oberweis compared "wife ...
Birth Control Works
18 hours, 7 minutes ago
Views: 233 • Comments: 0 • Rating: 1
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
RNC Paid Intel Firm for Clinton Dirt As the general election was taking shape last summer, the Republican National Committee initiated a series of payments to a low-profile firm started by retired CIA officers that worked closely with an ex-Russian spy. The payments attracted attention in ...
Birth Control Works
1 day, 1 hour ago
Views: 394 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Whatever You Do, Don’t Say Yes When This Chatbot Asks, ‘Can You Hear Me?’ Another in my irregular series on privacy in our era, and how to defend yourself in digital venues. For your cell phone-Get TruCaller or some other good robo call screener/blocker. If you have an Ooma phone, set your virtual ...
Unshaken Defiance
1 day, 2 hours ago
Views: 602 • Comments: 2 • Rating: 2
Tweets: 107 • Share to Facebook
Shares: 3
Comments: 0
: 3
NOT ONE WOMAN: What’s Missing From This Photo of Politicians Deciding the Future of Women’s Health? President Donald Trump met with the arch-conservative House Freedom Caucus at the White House Thursday to try to hammer out a deal on Obamacare repeal. A major question in the final negotiations? Whether or not maternity care and mammograms ...
Birth Control Works
1 day, 7 hours ago
Views: 307 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0