Online IT Services Password Locker LastPass Hacked

Online IT service password locker LastPass, one of the more popular password lockers today, is the latest cybercrime casualty: it has revealed that its security team discovered a breach of its network last Friday.  As a result, LastPass users will be receiving notifications to change their master passwords.  Additionally, users who do not have two-factor authentication enabled will need to verify their identity via email if they log in to their account using a new device or from a new IP address.  Specialists in the IT services industry in Sydney have commented on the rising number of attacks on online IT services such as LastPass and other password managers.

The breach was announced last Monday in a post on the LastPass company blog.  The announcement came after the security team discovered suspicious activity showing that the cybercriminals were able to steal users’ information such as email addresses, authentication hashes, password reminders and per-user server salts.  However, the investigation found no indication that the cybercriminals were able to steal encrypted data from LastPass users’ password vaults, which would be a much bigger concern according to experts on online IT services.

CEO Joe Siegrist said that although the hackers stole per-user server salts and authentication hashes, which could make it possible to figure out any weak master passwords, LastPass’ protections (including running 100,000 rounds of PBKDF2-SHA256 server-side) will definitely make it “difficult to attack the stolen hashes with any significant speed.”
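The effect of the per-user salt and the 100,000 server-side PBKDF2-SHA256 rounds can be seen in a short sketch. This is an added example, not LastPass code: the function names, the 16-byte salt, the record layout and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 100_000  # server-side PBKDF2-SHA256 round count quoted in the article


def stretch(login_secret: bytes, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Derive the value the server stores; cost grows linearly with rounds."""
    return hashlib.pbkdf2_hmac("sha256", login_secret, salt, rounds)


def enroll(login_secret: bytes, rounds: int = ROUNDS) -> dict:
    """Create a stored record with a fresh random per-user salt (assumed 16 bytes)."""
    salt = os.urandom(16)
    return {"salt": salt, "rounds": rounds,
            "hash": stretch(login_secret, salt, rounds)}


def verify(record: dict, login_secret: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = stretch(login_secret, record["salt"], record["rounds"])
    return hmac.compare_digest(candidate, record["hash"])


def seconds_per_check(rounds: int, samples: int = 3) -> float:
    """Best-of-N wall time for one derivation at the given round count."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        stretch(b"constructed-sample-secret", salt, rounds)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    # Constructed sample: two users who happen to share the same secret.
    alice = enroll(b"constructed-sample-secret")
    bob = enroll(b"constructed-sample-secret")
    print("same secret, same stored hash?", alice["hash"] == bob["hash"])
    print("correct secret verifies:", verify(alice, b"constructed-sample-secret"))
    print("wrong secret verifies:", verify(alice, b"something-else"))
    fast, slow = seconds_per_check(1), seconds_per_check(ROUNDS)
    print(f"1 round: {fast:.6f}s  {ROUNDS} rounds: {slow:.4f}s per check")
```

Every check against a stored record costs one full derivation, and the per-user salt means work spent on one record cannot be reused on another. The stretching only slows guessing, so a weak master password remains exposed, which is why the master password change is being required.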

Furthermore, this isn’t LastPass’ first encounter with cybercrime, sources within the online IT services industry reveal.  It was first attacked in 2011; however, LastPass officials have said that the current attack is different because they knew almost right away what information had been stolen and have taken the necessary measures to further protect their users and to deter further hacking attempts in the future.

Cybercrime experts in the IT services industry in Sydney often recommend the use of password managers to help users manage their different online logins.  LastPass is one of the many password managing services that allow people to store passwords for their numerous online accounts, and it includes tools to help them generate strong passwords.  LastPass users only need to remember their master password to be able to use the service and log on to their online accounts.

According to online IT services experts who are focusing their research on the growing incidence of cybercrime, LastPass users should not just change their master password.  They should also look into changing the login passwords for all their online accounts, just to be doubly safe.