LastPass, a password manager that saves its users passwords and gives them secure access to them from every computer and mobile devices, has detected an intrusion on its network.
According to the official statement, information including users' email addresses, password remainders, server per user salts, and authentication hashes were compromised.
“In our investigation, we have found no evidence that encrypted user vault data was taken, nor were that LastPass users’ accounts accessed. " the statement reads.
He added, “We are confident that our encryption measures are sufficient to protect the vast majority of users. It strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”
In order to secure its data, the company is taking additional measures. It has asked all the users who are logging in from a new device or IP address first verify their account by email, unless they have multifactor authentication enabled.
According to the notice, emails have been sent to all users regarding the security incident.
“We are working to notify users as fast as possible,” Siegrist said.
Moreover, the company will also be prompting users to update their master password.
“However, if you have reused your master password on any other website, you should replace the passwords on those other websites,” he said.
Though the passwords stored in the vault is not said to be compromised, it is better to change those passwords also- Don't give a chance to hackers.
