Ad image
Internet

LastPass Password Manager Acknowledges Breach

loku
loku
3 Min Read
hacking_password_ap.jpg
LastPass, the online password manager, announced Monday in a blog post that its network was breached and that hackers made off with user email addresses, password reminders and encrypted master passwords.Within the security community, password managers have long been controversial. Some say online password managers help everyday users become more secure than they would otherwise, because it makes it easier to set up complex different passwords for different accounts without having to remember them all. Others have been wary of password managers like LastPass because if the password manager gets breached, hackers can potentially unlock all the accounts managed through the service.

Joe Siegrist, the LastPass chief executive, said the company discovered the breach on Friday after detecting suspicious activity on its network. The company said that it found no evidence that LastPass user accounts were compromised, or that hackers were able to get users’ master passwords, or passwords encrypted with that user password.

But the data hackers did access – including email addresses and password reminders – is still troubling, security experts note, in that often all hackers need to unlock an email account is an email as a username plus a password reminder.

Tod Beardsley, a security engineering manager at Rapid7, said that the attack gave hackers a list of LastPass user email addresses that they could target in so-called phishing attacks, in which they send victims emails with links that try to trick users into revealing more data, like a fake “Update your LastPass master password” email, that can be used to crack their accounts.

LastPass said it would be resetting users’ master passwords, and advised users to turn on multifactor authentication, an added security measure which requires a second one-time password, often sent to users via text message, anytime they log in to their accounts from an unrecognized machine.

The company said it was confident that its encryption measures would be enough to protect the vast majority of its users. LastPass strengthens the keys needed to unlock master passwords by forcing them to go through a large number of complicated iterations. The company appends random digits to the key, then encrypts it more than 100,000 times, which makes it difficult to break stolen hashes with password cracking tools.

The attack was the second breach notification from LastPass. The first incident happened four years ago. The latest attempt to access the company’s passwords was discovered on Friday, but a picture posted to Imgur, the image sharing site, of a Google security warning suggests that hackers may have found a way inside the service as long as three weeks ago.

 

 

[“source-gadgets.ndtv.com”]

TAGGED: ,
Previous Article Microsoft’s E3 2015 Conference: The Xbox One is Now a PC, HoloLens, and Yes, Games
Next Article Wickedleak Wammy Note 4 With 4G LTE Support Launched at Rs. 14,990

Latest News

Sony Alpha A7IV – First Contemplations
Sony
Admixer Stage Gets an Update: 5 Things to Be aware
Latest Internet News
The 15 Best Virtual Entertainment Locales (and Stages) in 2024
Social Media
Carrying out man-made intelligence and AI Calculations for Dynamic Club Game Encounters
PC Game
The newest HTC sensation is the Sensation XE!
HTC
Father’s Day Gifts That Your Father Can Really Utilize!
Gadgets
Lost your password?