Cloud-based password management service LastPass hacked; encryption elements, password reminders and email addresses of users compromised
The cloud-based password management service LastPass reported that hackers might have stolen some of its registered users’ information after its network was breached by unknown attackers. LastPass also said that although the hashed master passwords saved on the company’s servers may have been compromised, there is no direct or evident proof of an attack against the password service itself. That’s because the master passwords that unlock users’ vaults were protected using an extremely slow hashing mechanism that requires large amounts of computing power to run.
However, the company said that some encryption elements, password reminders and email addresses of users were compromised.
LastPass is a web-based password management service that gives users a way around the problem of memorizing passwords. LastPass said that it detected several instances of suspicious activity on its network.
In all, the unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses, LastPass CEO Joe Siegrist wrote in a blog post.
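As an added illustration (not code from LastPass or from the original article), the sketch below shows how a salted, deliberately slow password hash of the kind described above is stored and verified, and how much more each guess costs than a single fast hash. The article does not name the algorithm; PBKDF2-HMAC-SHA256, the 16-byte salt, the iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import os
import time

# Assumed parameters: the article only says the hash is "extremely slow".
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_master_password(password, salt, iterations=ITERATIONS):
    """Stretch the password: each guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def new_record(password):
    """What a server would store: salt, work factor and hash, never the password."""
    salt = os.urandom(SALT_BYTES)  # unique per user, so equal passwords hash differently
    return {"salt": salt, "iterations": ITERATIONS,
            "hash": hash_master_password(password, salt)}


def verify(record, candidate):
    """Recompute with the stored salt and compare in constant time."""
    digest = hash_master_password(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


def seconds_per_guess(iterations, rounds=3):
    """Average wall-clock cost of checking one candidate password."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for _ in range(rounds):
        hash_master_password("constructed-guess", salt, iterations)
    return (time.perf_counter() - start) / rounds


def slowdown_factor():
    """How much more one guess costs with stretching than with one iteration."""
    fast = seconds_per_guess(1, rounds=200)
    slow = seconds_per_guess(ITERATIONS)
    return slow / fast


if __name__ == "__main__":
    rec = new_record("constructed master password")  # constructed sample input
    print("verify correct:", verify(rec, "constructed master password"))
    print("verify wrong:  ", verify(rec, "constructed wrong password"))
    print("cost per guess is about %.0fx a single iteration" % slowdown_factor())
```

The salt is stored beside the hash and is not secret, so its theft does not remove the per-guess cost. A weak or reused master password still falls to a short guess list, which is why the password change is advised.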
LastPass said that its security team has already stopped the attack. In addition, the company said that the passwords and user accounts stored in its system have not been compromised, according to The Age.
The company is nevertheless encouraging its users to change their master passwords for the service, to avoid potential data breaches using the stolen information. It is to be noted that the company has asked its users to change only the master password, and not the individual passwords for every site such as Facebook, Twitter and other applicable sites.
LastPass says that master passwords that have also been used as passwords on other websites need to be updated for added security.
The LastPass statement said:
“LastPass user accounts are locked down. You can only access your account from a trusted IP address or device – otherwise, verification is requested. We are confident that you are safe on your LastPass account regardless.”
LastPass said that it is also working with the authorities and security forensics experts on the matter, to possibly catch the hackers by following their digital trail.
The company said that it will be sending individual emails to those who are affected by the compromised data.