Leading password security company gets hacked; customers advised to change their master passwords

June 15th, 2015 at 6:12 PM
LastPass Security

These days, it appears as if no one is safe from hackers. Just a week after the security firm Kaspersky announced that it had been hacked comes word that LastPass, a password security company, has been hacked as well.


LastPass, for those unfamiliar with the service, operates as a secure vault for all of a user’s sensitive Internet passwords. The way it works is rather simple: users select a master password for the LastPass website, and once authenticated, they can then access all of their other passwords.

Of course, any time there’s a site whose business model revolves around the storage of sensitive passwords, it’s a safe bet that hackers will do their best to break in, which is exactly what happened this past weekend.

In a blog post detailing the recent security compromise, Joe Siegrist of LastPass writes that “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

Nonetheless, because the information on LastPass’ servers is heavily encrypted, Siegrist writes that it’s extremely unlikely that the hackers will be able to do much with what they uncovered.

“We are confident that our encryption measures are sufficient to protect the vast majority of users,” Siegrist writes. “LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”
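The layered scheme Siegrist describes can be sketched as follows. This is an added example, not LastPass code: the function names, the client-side round count and the use of the account e-mail as the client-side salt are assumptions, and only the 100,000 server-side PBKDF2-SHA256 rounds and the per-user random salt come from the quote.

```python
import hashlib
import hmac
import os

CLIENT_ROUNDS = 5_000      # assumed value; the article gives no client-side count
SERVER_ROUNDS = 100_000    # figure quoted in the article


def client_auth_hash(email: str, master_password: str) -> bytes:
    """Client side: stretch the master password before it leaves the device.
    Salting with the account e-mail is an assumption of this sketch."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ROUNDS)


def server_enroll(auth_hash: bytes) -> tuple[bytes, bytes]:
    """Server side: fresh per-user random salt plus 100,000 more rounds.
    Only (salt, stored) is written to the database."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return salt, stored


def server_verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the user's salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    # Constructed accounts: two users who picked the same master password.
    a = client_auth_hash("alice@example.com", "correct horse battery staple")
    b = client_auth_hash("bob@example.com", "correct horse battery staple")
    salt_a, stored_a = server_enroll(a)
    salt_b, stored_b = server_enroll(b)
    wrong = client_auth_hash("alice@example.com", "password1")
    return {
        "login_ok": server_verify(a, salt_a, stored_a),
        "wrong_password_rejected": not server_verify(wrong, salt_a, stored_a),
        "same_password_distinct_records": stored_a != stored_b,
        "rounds_per_guess": CLIENT_ROUNDS + SERVER_ROUNDS,
    }


if __name__ == "__main__":
    print(demo())
```

Because each stored record has its own salt, work spent testing a candidate password against one stolen record cannot be reused against another, and every candidate costs both derivations.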

Naturally, LastPass will be requiring its customer base to update their master password as a precautionary measure. To be clear, encrypted passwords for other sites which reside in LastPass’ vault were not taken during the security breach, which is to say that users only need to change their master password.

A security breach is never good news, but when it does happen, it’s nice to see a company get out in front of it and be as transparent as possible, as LastPass has been with this most recent incident.

A lifelong Mac user and Apple enthusiast, Yoni Heisler has been writing about Apple and the tech industry at large for over 6 years. His writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and most recently, TUAW. When not writing about and analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions, the most recent examples being The Walking Dead and Broad City.



