9/13/2023

LastPass breach 2015

"We are confident that our encryption measures are sufficient to protect the vast majority of users," Siegrist added.

Some LastPass users weren't pleased with how they found out about the breach. In comments posted to the company's website on Monday, many expressed dismay that they learned of the incident via Reddit, Twitter, and elsewhere, rather than via direct email from LastPass. "What the hell guys?" one user who identified himself as "Ian" wrote. "I'm not annoyed that you got breached, I'm annoyed that as a paying customer, I found out about it via Facebook."

Come on Why did I have to learn of your breach from #whatnottodo

Others complained of problems when trying to change their master passwords, or being locked out of their accounts after making the change. LastPass says that in addition to requiring users to use extra authentication steps and to change their master passwords, an email is being sent out to every user explaining the issue.

Another day, another massive data breach. I woke up, checked my emails, and saw a message titled: LastPass Security Notice. My first thought was “urgh, another phishing email!”. LastPass released an email and published a blog post covering an intrusion detected on their network. The details still seem a little scarce, but I believe we have enough information to make an educated guess. I can almost hear the click-baiting, overhyped blog posts being created, so I thought I’d try to provide a realistic take on events.

It seems fairly obvious that LastPass are still investigating the incident due to the vague language used during disclosure:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

I would hazard a guess that a formal investigation by the likes of the F.B.I. is under way, so details will trickle out as suspects are apprehended. The post goes on to state their confidence in how they operate, as one would expect. So, do we believe them? Does it matter?

TL;DR: Yes and no… LastPass is incredibly secure - if used correctly, but… If your LastPass “master password” is used anywhere else then all passwords stored using their service could be at risk. Scary comment aside, let me justify it and explain why it’s easy to fix.

I have recommended, and use, this password manager due to the way it correctly implemented well-known security techniques and best practices. It’s one of very few password managers that do security correctly. The code has been audited several times, but most notably by the security industry expert I trust most…

“This thing is secure every way you can imagine. I’ve completely switched my entire solution for managing passwords, after spending days researching it and testing it and playing with it, over to LastPass. I mean, I don’t see a single problem with this.” Steve Gibson, Security Now

The whole point of using a password manager is to make sure all passwords are strong, unique, and secure. If a hacker can brute force (guess) your master password, they can access any account to which it is linked. Your master password is used to access all the data stored by LastPass. So, it should go without saying that it requires a strong password. If your current master password is weak, there is a very simple way of making it stronger - make it longer. It doesn’t need to be more difficult, just longer.