Credentials manager LastPass hacked

By on
Credentials manager LastPass hacked

Users asked to verify accounts, change passwords.

Password and credentials manager LastPass is taking urgent measures to protect its users after the company discovered an unauthorised data disclosure on its network.

Chief executive Joe Siegrist revealed LastPass had discovered and blocked suspicious activity on its network over the weekend and begun an investigation into the matter.

The investigation revealed LastPass account email addresses, password reminders, server per-user salts (added random characters to make it more difficult for attackers to guess data values), as well as authentication hashes (shortened, fixed-length character strings that represent longer, original values) were compromised, Siegrist wrote.

He said there was no evidence so far that encrypted user vault data was taken or that LastPass user accounts were accessed.

While LastPass remained confident that its current encryption measures were strong enough to protect the vast majority of its users, Siegrist said the company will ask users who log in from new devices or different IP addresses to verify their accounts via email.

Siegrist said users will also be asked to update their master passwords. As of writing, it appears users are following that advice in large numbers, overloading LastPass servers'.

Source: Tim Nicholas

There is no need to update passwords for sites stored in LastPass vaults however, as no encrypted data was captured, Siegrist said 

He recommended LastPass users enable multifactor authentication on their accounts for further protection.

Siegrist did not say who LastPass suspected was behind the data breach, but said the company is working with law enforcement and IT security forensic experts on the issue.

LastPass was founded in 2008 and offers free clients for Windows, Apple OS X, Linux, iOS and Android, and paid premium and enterprise apps with a fuller range of features.

In 2011, LastPass urgently warned its users to change passwords following a suspected security breach. The company later bolstered security measures by strengthening encryption and authentications hashing.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
lastpasspassword managersecintsecurity

Sponsored Whitepapers

Responding To Industry Trends And Our 5m+ Users
Responding To Industry Trends And Our 5m+ Users
The Future of Digital Identity in Government
The Future of Digital Identity in Government
Secure Public Services for Every Australian
Secure Public Services for Every Australian
7½ Questions for Aged Care's Digital Decisions
7½ Questions for Aged Care's Digital Decisions
Creating the Sustainable IT Department
Creating the Sustainable IT Department

Most Read Articles

Australia appoints first cyber security coordinator

Australia appoints first cyber security coordinator
Apple rushes out patches for exploited zero day bugs

Apple rushes out patches for exploited zero day bugs
Perpetual 'extended outage' caused by security incident at third-party

Perpetual 'extended outage' caused by security incident at third-party
Exploit emerges for Cisco VPN client vulnerability

Exploit emerges for Cisco VPN client vulnerability

Digital Nation

More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia

Log In

  |  Forgot your password?