Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team
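
The layered hashing the statement describes, as an added example (not part of the original post and not LastPass's own code): a client-side stretch followed by 100,000 rounds of server-side PBKDF2-SHA256 with a random per-user salt, plus the cost that puts on each password guess. The client-side round count, the use of the email address as the client-side salt, the sample account and the guess-space sizes are assumptions.

```python
import hashlib
import hmac
import os
import time

SERVER_ROUNDS = 100_000  # server-side PBKDF2-SHA256 rounds, from the statement
CLIENT_ROUNDS = 5_000    # assumption: the statement gives no client-side count


def client_hash(email: str, master_password: str) -> bytes:
    """Client-side stretch; salting with the email address is an assumption."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ROUNDS)


def server_hash(client_auth: bytes, salt: bytes) -> bytes:
    """Server-side strengthening with the random per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", client_auth, salt, SERVER_ROUNDS)


def enroll(email: str, master_password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, server_hash(client_hash(email, master_password), salt)


def verify(email: str, password: str, salt: bytes, stored: bytes) -> bool:
    candidate = server_hash(client_hash(email, password), salt)
    return hmac.compare_digest(candidate, stored)  # constant-time compare


def seconds_per_guess(email: str, salt: bytes, stored: bytes) -> float:
    """Measured cost of testing one candidate password on this machine."""
    start = time.perf_counter()
    verify(email, "not-the-password", salt, stored)
    return time.perf_counter() - start


def days_to_exhaust(guess_space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate in a guess space."""
    return guess_space / guesses_per_second / 86_400


if __name__ == "__main__":
    email = "user@example.com"  # constructed sample account
    salt, stored = enroll(email, "correct horse battery staple")
    rate = 1 / seconds_per_guess(email, salt, stored)
    print(f"{rate:.1f} guesses/s on one core")
    # Constructed guess spaces: a 10,000-entry common-password list
    # versus four random words drawn from a 7,776-word list.
    for label, space in (("common list", 10_000), ("4 random words", 7776 ** 4)):
        print(f"{label}: {days_to_exhaust(space, rate):.3g} days")
```

The stretching multiplies the cost of every guess by the same factor, so it slows an offline attack without changing how many guesses a weak master password needs; that is why the statement singles out weak and reused master passwords.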
