Categories: Security

LastPass Breached, Warns Users To Change Master Password

LastPass, a popular password-management website, said late on Monday that attackers have compromised its systems, with data stolen that could allow hackers to guess weak master passwords.

The company said that as a precaution it is prompting all users to change their master passwords.

Third-party passwords stored with LastPass were not affected, the company said. LastPass said it is sending an email to all users informing them of the incident.

The breach was detected on Friday, and LastPass found that email addresses, password reminders, server per user salts and authentication hashes were compromised.

A hash is a string of characters used to store a password in an encoded form that is, in theory, difficult to reverse. Aside from this encoding, LastPass said the hashes are protected by measures such as the addition of a random element, called a “salt”, and with additional encryption.

“This additional strengthening makes it difficult to attack the stolen hashes with any significant speed,” said LastPass chief executive Joe Siegrist in a blog post disclosing the incident. “We are confident that our encryption measures are sufficient to protect the vast majority of users.”

However, attackers now have access to low-cost cloud computing resources capable of performing powerful attacks on such security measures, so that as a precaution the company is prompting all users to change their master password.

Account lockdown

Accounts have been locked down for the time being, meaning that unless they are accessed from a trusted IP address or device, users will be requested to verify their identity, unless they have multifactor authentication enabled.

LastPass said users may be particularly vulnerable to password-guessing attacks if they used a weak password, such as one based on a name or dictionary word, or if they used their LastPass password on another website.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

5 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

7 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

7 hours ago