You are using an outdated browser. Please upgrade your browser to improve your experience.
Password management service LastPass gets hacked

Password management service LastPass gets hacked

Security
by Brent Dirks
June 15, 2015

Even password managers aren’t safe from hackers. The popular LastPass multi-platform service announced earlier today that some information was stolen by hackers.

First, the good news. In a blog post announcing the breach, the company indicated that no “encrypted user vault data” was taken. That means your stored password information for other sites is safe.

But hackers were able to access user email addresses, password reminders, and heavily encrypted passwords of master vaults. Basically, if they were ever to break the encryption, the hackers could possibly access all of your stored information. But the company is confident in its encryption method:

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

As a precaution, all users who log-in from a new device or IP address first verify their account by email, unless you have two-factor authentication enabled. You’ll also be required to change the master password. If your master password is used elsewhere, the company highly recommends you change it on those other services or sites.

Users can also enable two-factor authentication for LastPass, which is always a good idea.

Along with a Mac and PC version, the LastPass iOS app is available to use with a premium membership that costs $12 per year.

If you’re looking to change password management apps after the breach, I can highly recommend 1Password for your iOS device and the Mac. It can be downloaded now on the App Store for free. A Pro subscription can be unlocked with a $9.99 in-app purchase and contains a number of other features. I’ve been using 1Password on my iOS devices and Mac for more than a year, and have really been pleased.

For other app news and review today, see: Take a trip back in time with the Spotify Rewind feature, See your fitness data in a whole new way with Health+, and Match and merge your way to 13 Thieves, a cute number puzzle.

Mentioned apps

Free
LastPass - Password Manager & Secure Vault
LastPass - Password Manager & Secure Vault
Marvasol, Inc DBA LastPass
Free
1Password - Password Manager and Secure Wallet
1Password - Password Manager and Secure Wallet
AgileBits Inc.

Related articles

Account overload: tips to move toward organizing your user names and passwords
Account overload: tips to move toward organizing your user names and passwords
Passible password management app passes the usability and security test
Passible password management app passes the usability and security test
Nothing found :(
Try something else