LastPass, a password management service designed to keep your many different passwords secure in one place, has been hacked, so the company is now advising users to go ahead and change all of their passwords. The hack apparently took place some time last week, though it wasn’t revealed to users until Monday.
During the infiltration, some users had their email addresses, authentication hashes and password reminders compromised, though no encrypted data was taken. In a security notice placed on the LastPass website, CEO Joe Siegrist said: “We want to notify our community that on Friday our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, or that LastPass user accounts were accessed.”
“We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side.”
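The layered hashing the notice describes can be sketched as below. This is an added example, not LastPass's code and not part of the original article. Only the 100,000 server-side rounds, the random salt and PBKDF2-SHA256 come from the notice; the client-side round count, the use of the email address as the client-side salt and all function names are assumptions.

```python
import hashlib
import hmac
import os

SERVER_ROUNDS = 100_000  # figure quoted in the notice
CLIENT_ROUNDS = 5_000    # assumption: the article gives no client-side count


def client_hash(email: str, master_password: str) -> bytes:
    """Client side: stretch the master password before it leaves the device.
    Salting with the email address is an assumption made for this sketch."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), CLIENT_ROUNDS
    )


def server_enroll(client_digest: bytes) -> dict:
    """Server side: stretch the client's digest again under a per-user random salt.
    Only this record is stored, never the digest the client sent."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", client_digest, salt, SERVER_ROUNDS)
    return {"salt": salt, "rounds": SERVER_ROUNDS, "hash": stored}


def server_verify(record: dict, client_digest: bytes) -> bool:
    """Recompute with the stored salt and rounds, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", client_digest, record["salt"], record["rounds"]
    )
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample account, not real data.
    digest = client_hash("user@example.com", "correct horse battery staple")
    record = server_enroll(digest)
    print("login ok:", server_verify(record, digest))
    print("wrong password ok:",
          server_verify(record, client_hash("user@example.com", "guess123")))
    # Each offline guess against a leaked record costs both stages of work.
    print("PBKDF2 rounds per guess:", CLIENT_ROUNDS + record["rounds"])
```

The stretching raises the cost of every guess against a leaked authentication hash, but it cannot rescue a weak or reused master password, which is why changing it is still advised.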
The company then went on to let us know that security and privacy are “top concerns” at LastPass. Right now LastPass is working with the authorities to try to track down the hackers, but in the meantime, anyone using LastPass to manage their passwords should probably get to changing them.
KitGuru Says: Not great news really, a hack like this makes password managers as a whole seem like a pretty bad idea. Did any of you happen to use LastPass?