Lastpass posts security advisory; hack detected but security not compromised

LastPass has today notified users that its team discovered and blocked suspicious activity on its network on Friday last week. The investigation has found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. It has shown, however, that LastPass account email addresses, password reminders, server per-user salts, and authentication hashes were compromised.

What does this mean for users? Not too much to worry about, really. LastPass said:

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you use an encrypted password manager such as LastPass, the most important security aspect is a secure master password. With one, and factoring in LastPass's strong cryptographic security, your data is likely to remain fairly safe despite attempts such as this.
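
The strengthening described in the advisory, and why the master password still decides the outcome, as an added example (not LastPass's code). It is a simplified model: the 5,000 client-side rounds and the use of the email address as the client-side salt are assumptions; only the 100,000 server-side PBKDF2-SHA256 rounds and the random per-user salt come from the advisory.

```python
import hashlib
import hmac
import os
import time

SERVER_ROUNDS = 100_000  # figure quoted in the advisory
CLIENT_ROUNDS = 5_000    # assumption: the advisory gives no client-side count


def client_hash(email, master_password):
    """Client-side stretching; only this value reaches the server (assumed model)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ROUNDS)


def server_record(login_hash, salt=None):
    """Server-side strengthening with a random per-user salt before storage."""
    salt = salt or os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ROUNDS)
    return salt, stored


def verify(email, master_password, salt, stored):
    """Recompute both stages and compare in constant time."""
    _, candidate = server_record(client_hash(email, master_password), salt)
    return hmac.compare_digest(candidate, stored)


def seconds_per_guess(samples=3):
    """Measured cost of one full client+server derivation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        server_record(client_hash("user@example.com", f"guess-{i}"), salt)
    return (time.perf_counter() - start) / samples


def years_to_exhaust(keyspace, per_guess):
    """Time to try every candidate in a keyspace at the measured single-core rate."""
    return keyspace * per_guess / (365 * 24 * 3600)


if __name__ == "__main__":
    cost = seconds_per_guess()
    # Constructed comparison: a 10,000-entry common-password list versus a
    # random 12-character password drawn from 62 symbols.
    print(f"{cost * 1000:.1f} ms per guess")
    print(f"common list : {years_to_exhaust(10_000, cost):.6f} years")
    print(f"random 12ch : {years_to_exhaust(62 ** 12, cost):.3e} years")
```

The per-guess cost is the same for every password, so the stretching only slows an attacker down by a constant factor; the size of the space the master password was drawn from determines whether that slowdown is enough.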

Chris Rowland   Managing Editor

vtwkang

Also, affected users should turn on two-factor authentication; that way even if the hackers manage to decrypt your password, they still need an authentication code to log into your LastPass account.

Peter Massey

I didn’t even know LastPass supported two-factor until I read about the breach!

Enabled now!
