LastPass hacked
Results 1 to 4 of 4

Thread: LastPass hacked

  1. #1
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063

    LastPass hacked


  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,426
    Oops.

    LastPass said it discovered the digital break-in on Friday. It's still very early in its investigation, but if LastPass is right, hackers didn't manage to grab plain text versions of the all-powerful master passwords.
    Umm, why are they storing plain text versions of passwords anyway? Sounds to me like they had lax security standards to begin with to have done that.

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

  3. #3
    HAN's Avatar
    HAN is offline Virtual PC Specialist!!!
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319
    fink: When I read your post, I thought that must be relating to the NBC link. They've been known to misrepresent some security things. But no! It the CNN story that's inaccurate.

    My 10ยข ...

    LastPass (LP) never stores a master password anywhere in plain text. LP's servers only store a hash of a master password that is sent from your device. So they don't even get the password in an encrypted state. All they get is the hash.

    What was stolen were some "puzzle" pieces (my words) on how a LP user's encrypted passwords are accessed. The master password hash, the random factors (salt) that are used as part of the hashing, the users email addresses and master password hints/reminders (which likely were in plain text.)

    As long as a user had a good master password (meaning use of upper and lower case letters, numbers, special characters and 20+ or more characters in length), only a weak password hint would be, IMO, cause for concern.

    Am I happy they were hacked? Certainly not. But the methods that LP has employed to protect my passwords did not fail. LP responsibly reported the hack. They told us about any changes they were making to help stem any fallout from the breach. IOW, I think they have handled the issue well.

    I'm no encryption expert. But I do know the math that modern encryption uses, works. So I changed my LP master password (can't hurt anything) and will continue to use it.

    LastPass Blog about the breach https://blog.lastpass.com/2015/06/la...y-notice.html/

  4. #4
    Join Date
    Aug 2010
    Location
    Southern ON Canada
    Posts
    442
    I'm glad they emailed me right away about the hack. I'm not going to change my master password as it is rated at 99% at lastpass site. My hint is "R". If someone could get my password from that and get the numbers from my grid to log in from a device I haven't registered, I'd be impressed.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •