For those who want to manage all of their passwords under one master password, companies like LastPass provide the solution. However, LastPass recently reported a data breach on June 12.
The company stated that hackers stole email and password reminders and that suspicious activity was detected and blocked on its network. While hackers did not steal users’ master passwords, they were able to obtain hashes – long strings of characters that are used by LastPass to verify that a master password is correct when a user accesses the service.
Hackers also stole password hints during the breach. LastPass is warning users to look out for phishing emails they may receive from hackers attempting to obtain their passwords now that the hackers have the hints.
So How Bad is It?
In its investigation, LastPass stated that there was no evidence of compromised encrypted user vault data or account information. The company asks users who are logging into the service from a new device or IP address, and who have not activated multi-factor authentication, to verify their accounts by email.
Vice president of Authentifly, John Zurawski, said that LastPass took the necessary precautions including encryption, anonymization and hashing during the breach. Most breaches occur due to some type of authentication failure, but it is not clear how this breach occurred.
It is also unclear when the breach actually occurred; it could have happened long before its recent discovery. Because these types of companies hold users’ passwords for other websites, they will always be a major target for hackers. In response to the breach, LastPass now plans to prompt all of its users to change their master passwords.
What To Do
While the company offers users options for multi-factor authentication, many users will not automatically choose extra protection because they do not realize how vulnerable they truly are. Simply having an email and password will not always be enough. Whenever you have the option for multi-factor authentication, you should utilize it.
Users should also ensure that they have a long, strong password. If not, hackers can still attempt to gain entry into their accounts by use of “brute force.” When a hacker uses brute force, a computer attempts to guess the password thousands of times per second.
Be sure to change your passwords frequently and check for any suspicious activity in your accounts to stay ahead of the hackers.
For tips on keeping your information safe online, check out our recent blog post courtesy of NerdWallet.