LastPass Hack Raises Questions on Security
Password managers have made the tedious task of managing multiple accounts easier, and are used to boost online security by offering a single—and hopefully secure—repository of various login credentials sealed in by one strong master password. It appears to be the smarter choice. But what if this, too, gets hacked?
LastPass divulged on Monday the discovery of “suspicious activity” in their network, which was seen and blocked accordingly last Friday. While company CEO Joe Siegrist wrote that there was “no evidence that encrypted user vault data was taken”, investigations have shown that the digital break-in has compromised account email addresses, password reminders, server per user salts, and authentication hashes.
Siegrest furthered, “We are confident that our encryption measures are sufficient to protect the vast majority of users.” However, customers were urged to replace the master password used in accessing their accounts.
Getting the passwords of online users is one of the easiest means to penetrate into and steal one’s identity, and has proven to be a cybercriminal goldmine. The common mistake lies in the users who apply easily-decipherable passwords and those that recycling these across different accounts and platforms, thinking that doing so makes things less annoying and tasking.
LastPass is designed to make it easy to manage multiple passwords across several accounts. Like its counterparts, it offers a key to a sealed gate that leads to one’s multiple accounts. How? To date, the password manager’s 72million-user base is given a strong master password for accessing different accounts and websites, which it stores in an encrypted LastPass user vault.
Siegrest highlighted, “Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users.” The LastPass team refrained from going into more details of the hack as investigations are still ongoing with the help of authorities and third-party security experts.
LastPass suffered a similar breach in 2011. However, this incident separates itself from the previous one as the company is now fully aware of what was compromised. It is also confident that the strong encryption methods employed by the company will make it difficult for attackers to crack the compromised encrypted master passwords.
LastPass also shared that there is no need to change individual passwords used in various accounts stored in the user vaults. However, the company strongly urged users to set up two-factor authentication to bolster security and required those who access their LastPass account from new devices or IPs to authenticate through email.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases