AfterDawn: Tech news
AfterDawn > News > Popular password manager LastPass confirms some user data was stolen

Popular password manager LastPass confirms some user data was stolen

Written by Andre Yoskowitz @ 15 Jun 2015 9:40 User comments (3)

Popular password manager LastPass confirms some user data was stolen

Password manager LastPass has sent out a security notice to all users confirming that some user data was stolen but most data should be secure.
Here is the full statement from LastPass, which includes the recommendation to change your master pass:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.



Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

An email is also being sent to all users regarding this security incident. We will also be prompting all users to change their master passwords. You do not need to update your master password until you see our prompt. However, if you have reused your master password on any other website, you should replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we're working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Tags: security breach Lastpass
<E3: Here is the awesome DOOM gameplay trailer >Microsoft announces Xbox Elite wireless controller for hardcore gamers
Previous Next  

3 user comments

116.6.2015 11:21
ddp
Send private message to this user
Moderator

that is why I don't save my stuff on clouds or even passwords on my computers as no system is safe except for your brain & pen & paper.

216.6.2015 19:53
hearme0
Send private message to this user
Senior Member

And we have a once-anticipated reason for why I chose not to use this company, or Keypass.

I use Password Safe which is a sourceforge project. Been using for over a decade now. Secure, easy, straight-forward, syncable with cloud if you know how to do basic stuff like that.

Though [in reply to ddp], I store sensitive stuff like resumes and the password db in a Windows-created, 2 or so GB VHD, then mount, then encrypt with Bitlocker then store THAT encrypted VHD on DropBox or OneDrive and their peeping eyes can't see jack.

Brutally easy and sad to say that I used Truecrypt for a while when I should have used what's available in Windows 7

This message has been edited since its posting. Latest edit was made on 16 Jun 2015 @ 8:03

321.6.2015 18:30
narm050
Send private message to this user
Newbie

Pen & paper is definitely NOT secure.

With all the logins that a typical internet user has, pen & paper is neither secure nor feasible.

The human brain is surely capable, but few people can unlock perfect memory. Relying on a pseudo-random "scheme" that "only you" know the pattern is also inadvisable.

I'm perfectly happy with LastPass and two-factor authentication. I realize that getting my own devices hacked and then having my own master password hacked is a risk, but I think its better than having a huge list of passwords written down (which could be destroyed in a fire or physically stolen).

I still changed my master password, but I was never really worried. I'd be much more worried if I had all my passwords written down.

This message has been edited since its posting. Latest edit was made on 21 Jun 2015 @ 6:31

Comments have been disabled for this article.

Latest news

VLC hits milestone: over 5 billion downloads VLC hits milestone: over 5 billion downloads (16 Mar 2024 4:31)
VLC Media Player, the versatile video-software powerhouse, has achieved a remarkable feat: it has been downloaded over 5 billion times.
2 user comments
Sideloading apps to Android gets easier, as Google settles its lawsuit Sideloading apps to Android gets easier, as Google settles its lawsuit (19 Dec 2023 11:09)
Google settled its lawsuit in September 2023, and one of the settlement terms was that the way applications are installed on Android from outside the Google Play Store must become simpler. In the future, installing APK files will be easier.
8 user comments
Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19)
Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
Neato, the robot vacuum company, ends its operations Neato, the robot vacuum company, ends its operations (02 May 2023 3:38)
Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028.
5 user comments
How to Send Messages to Yourself on WhatsApp How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25)
The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. ....
18 user comments

Reviews

Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets
Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
Review: Samsung Jet Bot 90 AI+ - a high-end robot vacuum cleaner Review: Samsung Jet Bot 90 AI+ - a high-end robot vacuum cleaner
Samsung's Jet Bot 90 AI+ is a top-class robot vacuum cleaner that can avoid obstacles and empty its own dust container. Here we review the product.
1 user comment
Samsung Jet Bot 80+ review - excellent robot vacuum cleaner Samsung Jet Bot 80+ review - excellent robot vacuum cleaner
We review Samsung's Jet Bot 80+ robot vacuum cleaner over a period of three months.
1 user comment

Guides

HOWTO: Boot Android device into Safe Mode HOWTO: Boot Android device into Safe Mode
Are you having trouble with your Android device? If you find that your device has become sluggish, is freezing, takes too long to boot or any of a host of other performance concerns, you may want to boot into Safe Mode.
Windows 11: Check if TPM is enabled on your computer Windows 11: Check if TPM is enabled on your computer
In this short guide we will look at how you can check the status of Trusted Platform Module (TPM) on your PC ahead of the coming launch of Windows 11.
GUIDE: Wi-Fi speeds are slow? Here are some tips GUIDE: Wi-Fi speeds are slow? Here are some tips
Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues.
1 user comment
What IP rating for dust and water resistance means What IP rating for dust and water resistance means
An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean?
1 user comment
Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix
Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems.
1 user comment

News archive

Sections:

Follow us:

© 1999-2024 AfterDawn Oy. All rights reserved
Back to Top ⇧
AfterDawn is powered by Powered by UpCloud