Latest in Hacking

Image credit:

Time to change your master password, LastPass was hacked

Roberto Baldwin, @strngwys
June 15, 2015
729 Shares
Share
Tweet
Share

Sponsored Links

Password-management service LastPass announced today that it "discovered and blocked suspicious activity" on its network on Friday. While the company says that there is no evidence that user vault data (a user's stored passwords) was taken or that accounts were accessed, it did acknowledge that user email addresses, authentication hashes, password reminders and server per user salts were compromised. LastPass is confident that its encryption is strong enough to make attacking those stolen hashes with any speed difficult. But yeah, if you're a LastPass customer you should change your password. Even though LastPass recommends you change your password if you have a weak master password or use that password on multiple sites, you really should change your master password -- and switch on multifactor authentication -- just in case.

Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.

Regards,
The LastPass Team








All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
729 Shares
Share
Tweet
Share

Popular on Engadget

The Morning After: NASCAR driver loses sponsor after 'rage quitting' esports race

The Morning After: NASCAR driver loses sponsor after 'rage quitting' esports race

View
Google algorithm lets robots teach themselves to walk

Google algorithm lets robots teach themselves to walk

View
Paramount cancels movie's theatrical release in favor of Netflix

Paramount cancels movie's theatrical release in favor of Netflix

View
Spotify is testing real-time lyrics

Spotify is testing real-time lyrics

View
GM offers free, limited internet access in its connected cars

GM offers free, limited internet access in its connected cars

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr