Password storage company LastPass have been hacked

Using an online password repository for your companies passwords! If you think about it, it’s most likely not the cleverest of moves!

Source for below:

Passwords to other sites that were stored on LastPass, however, aren't thought to have been compromised.

LastPass says it protects its authentication hashes with 100,000 rounds of server-side PBKDF2-SHA256 cryptography, which it says "makes it difficult to attack the stolen hashes with any significant speed."

Still, it's not impossible for someone brute-force the process and discover your master password. However, if your master password is complex, you should be safe – it will take an attacker far too long to crack your passphrase. Setting up two-factor authentication kills the problem dead, anyway.

"We are confident that our encryption measures are sufficient to protect the vast majority of users," Siegrist added.

Some LastPass users weren't pleased with how they found out about the breach. In comments posted to the company's website on Monday, many expressed dismay that they learned of the incident via Reddit, Twitter, and elsewhere, rather than via direct email from LastPass.

"What the hell guys?" one user who identified himself as "Ian" wrote. "I'm not annoyed that you got breached, I'm annoyed that as a paying customer, I found out about it via Facebook."

Others complained of problems when trying to change their master passwords, or being locked out of their accounts after making the change.

LastPass says that in addition to requiring users to use extra authentication steps and to change their master passwords, an email is being sent out to every user explaining the issue.

Comments are closed.