14 DAY TRIAL // The famous password management service LastPass has been hacked, and its users have been advised to change their master passwords as soon as possible.
LastPass is one of the most used services of its kind, and it seems a little bit ironic that a service that promises to keep your passwords safe gets hacked in return. This only goes to show that no company is really safe from attack, no matter the profile of their business. Now, we have to wait for the servers of antivirus developers to get infected, and the circle will be complete.
Interestingly enough, the company knew about an intrusion in their system since Friday, but they waited a few days to confirm what happened. From what they are saying, the LastPass user accounts haven't been accessed and the encrypted user vault data hasn't been tampered with, but a bunch of other data has fallen into the hackers' hands, like email addresses, password reminders, and authentication hashes.
Change your pass for LastPass
LastPass is probably the last service that you would expect to have problems with hackers, but now that it happened, users need to make sure that their accounts and settings remain safe.
"Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password," noted Joe Siegrist from the LastPass team.
The good news is that no encrypted data has been stolen, so users don't have to update their passwords for websites that are stored in the vault. It's also quite likely that users will also receive an email soon, prompting them to change the master password, but they will only be able to do that from a trusted IP address or device, otherwise verification will be requested.
We'll keep you informed if any new details surface regarding the LastPass hack.