Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

LastPass Hacked, Change Your Master Password Now

Batu69

By Batu69
in Security & Privacy News

Recommended Posts

Batu69

Batu69

Posted
Posted

Bad news first, folks. LastPass, our favorite password manager (and yours) has been hacked. It’s time to change your master password. The good news is, the passwords you have saved for other sites should be safe.

The Intermediate Guide to Mastering Passwords with LastPass

LastPass is easy, secure, and works across systems and browsers—it's our favorite password… Read more

LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account.

According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Finally, if you haven’t enabled two-factor authentication you should do that immediately here.

Here's Everywhere You Should Enable Two-Factor Authentication Right Now

Two-factor authentication is one of the best things you can do to make sure your accounts… Read more

We’ve talked about what happens if LastPass gets hacked before. As it stands, it doesn’t seem that this hack resulted in any significant data losses for users. However, it’s still important to take steps necessary to protect your account as soon as you can.

Note: It sounds like LastPass’ servers are getting hammered right now, so if your password change doesn’t go through, check back frequently through the day until it does.

LastPass Security Notice | LastPass

lifehacker.com

Link to comment
Share on other sites
  • Replies 44
  • Views 4.4k
  • Created
  • Last Reply
OrbingStorm

OrbingStorm

Posted
Posted

Im glad you told me because I never recieved an email from Lasspass letting me know. :angry:

Link to comment
Share on other sites
Arachnoid

Arachnoid

Posted
Posted

LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account.

According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Finally, if you haven’t enabled two-factor authentication you should do that immediately here.

Alternatly they could have compromissed the server with software that reads all the newly created passwords and steals the relavent salted files once more.

Link to comment
Share on other sites
kantry123

kantry123

Posted
Posted

Just one of the many reasons why I dumped this LastPass.

whats ur alternative now ?

regards

Link to comment
Share on other sites
dcs18

dcs18

Posted
Posted

Just one of the many reasons why I dumped this LastPass.

whats ur alternative now ?

regards

RoboForm . . . . . . . . . . . . . simply awesome! :wub:

Link to comment
Share on other sites
psyko666

psyko666

Posted
Posted

ehm.. I wonder if it's safe in the future to use LastPass, just a matter of time till all your stuff is on the open IMO..

Link to comment
Share on other sites
Roger D

Roger D

Posted
Posted

Just one of the many reasons why I dumped this LastPass.

whats ur alternative now ?

regards

RoboForm . . . . . . . . . . . . . simply awesome! :wub:

Is there any free version like Lastpass ? :rolleyes:

Link to comment
Share on other sites
dcs18

dcs18

Posted
Posted

Just one of the many reasons why I dumped this LastPass.

whats ur alternative now ?

regards

RoboForm . . . . . . . . . . . . . simply awesome! :wub:

Is there any free version like Lastpass ? :rolleyes:

I am using one from a RoboForm Giveaway, myself. ^_^

Link to comment
Share on other sites
Chatman

Chatman

Posted
Posted

There is no software which can't be cracked. The more bullet-proof guarantees, the more chances that someone will want to break it.

Link to comment
Share on other sites
kantry123

kantry123

Posted
Posted

Just one of the many reasons why I dumped this LastPass.

whats ur alternative now ?

regards

RoboForm . . . . . . . . . . . . . simply awesome! :wub:

Is there any free version like Lastpass ? :rolleyes:

lastpass browser extension is free

we all use the brow extn

regards

Link to comment
Share on other sites
steven36

steven36

Posted
Posted

There is no software which can't be cracked. The more bullet-proof guarantees, the more chances that someone will want to break it.

If it can be cracked it can be hacked that's for sure :lol: I put my passwords in the old way . Always have. I just keep them in a safe place .

Link to comment
Share on other sites
psyko666

psyko666

Posted
Posted

I'm not a genius in these things... but guys... should I remove/delete my LastPass account or not?

I mean.. is it still safe to use?

Link to comment
Share on other sites
user@nsaneforums

user@nsaneforums

Posted
Posted

Just one of the many reasons why I dumped this LastPass.

whats ur alternative now ?

regards

RoboForm . . . . . . . . . . . . . simply awesome! :wub:

till get hacked :P

Link to comment
Share on other sites
dcs18

dcs18

Posted
Posted

Just one of the many reasons why I dumped this LastPass.

whats ur alternative now ?

regards

RoboForm . . . . . . . . . . . . . simply awesome! :wub:
till get hacked :P

You mean "history repeats itself" . . . . . . . . . . . like it always has - for LastPass. :tehe:

Link to comment
Share on other sites
steven36

steven36

Posted
Posted

till get hacked :P

Hackers stole every single Federal government workers SSN and info in the USA . Do you think some cheap software can protect you when Governments with all the money they need at there disposal can't even protect themselves ? ;)

Link to comment
Share on other sites
psyko666

psyko666

Posted
Posted

Except even then, if they go through all that time, effort, and computing power, if you take 5 seconds change your password now, the result they end up with (at whatever point in the future weeks, months or even years from now) will be absolutely f'ing useless, because they'll excitedly run over to lastpass.com, enter in this cracked password, and find it to be invalid, all because you were smart, calm, level-headed, and you changed your password a long, long time before they got to this point.

Source

You mean just the master password?

Link to comment
Share on other sites
steven36

steven36

Posted
Posted

You just have change your master password but thing is if they keep getting hacked maybe one day you will be in that number they get before they fix it .

But that basic premise—you memorize one password to access all of your passwords—when you think about it does sound like an idiot move. Eggs, basket, etc.—if someone breaks into the application, they’ll have access to your passwords for everything you do.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...