LastPass hacked, User Data and Master Passwords compromised
Here’s bad news for LastPass users: the cloud-based password manager is the latest victim of a cyber-attack and has reportedly been hacked.
LastPass CEO Joe Siegrist stated in a blog post:
“The investigation has shown that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
Thankfully, as LastPass has worked tremendously on its security, encrypted user data (stored passwords for other sites) has not been hacked.
Now let us tell you what salts and hashes are:
Hashing is the easiest technique for protecting passwords: the plain text goes through a number of iterations of an algorithm that turns it into an unreadable hash. In theory, it cannot be reversed. A salt is a random string of data that is mixed into the password before the one-way hash function is applied. It basically acts as an extra layer of protection. The random string of characters makes it tougher to crack even easy passwords.
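To make the salt and iteration idea concrete, here is an added example (not LastPass's code and not from the original article) that stores the same constructed passwords once as plain SHA-256 and once as salted, iterated PBKDF2 hashes, then checks which accounts end up with identical stored values. The iteration count, account names and passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this example, not LastPass's setting


def unsalted_hash(password: str) -> bytes:
    """Single unsalted SHA-256 pass: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_hash(password: str, salt: bytes = None, iterations: int = ITERATIONS):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a per-user random salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes, iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)


def accounts_sharing_a_hash(table: dict) -> list:
    """Group account names whose stored hash is identical (what a leaked table reveals)."""
    groups = defaultdict(list)
    for account, digest in table.items():
        groups[digest].append(account)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


# Constructed sample accounts; alice and carol chose the same password.
SAMPLE = {"alice": "sunshine1", "bob": "T7#qv!92xLm", "carol": "sunshine1"}

if __name__ == "__main__":
    plain_table = {user: unsalted_hash(pw) for user, pw in SAMPLE.items()}
    salted_rows = {user: salted_hash(pw) for user, pw in SAMPLE.items()}
    salted_table = {user: digest for user, (salt, digest) in salted_rows.items()}
    print("unsalted, shared hashes:", accounts_sharing_a_hash(plain_table))
    print("salted, shared hashes:  ", accounts_sharing_a_hash(salted_table))
    salt, digest = salted_rows["alice"]
    print("alice correct password:", verify("sunshine1", salt, digest))
    print("alice wrong password:  ", verify("sunshine2", salt, digest))
```

With per-user salts, the two accounts that share a password no longer share a stored hash, and each guess has to be recomputed per account at the full iteration cost.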
LastPass is a company that provides a hassle-free experience for using online services like email, social media accounts and banking. LastPass remembers all your passwords, and all you have to remember is a single master password. So you don’t need to remember all those 10-15 character password combinations of letters and symbols. LastPass has more than 76 million and all their account passwords are stored in encrypted user vaults of LastPass.
The company said that it learnt about some suspicious intrusion activity on its network and blocked it. Hackers do not have full access to the passwords of LastPass users.
The company has emailed its customers and notified users of the hack.
If users have a weak password and have used the same master password on other sites, there is a chance that hackers can gain access. Users who have a weak password and have re-used their password on other sites have been instructed to change their passwords on an urgent basis. The company has also recommended that users change their master password and set up two-factor authentication.