Last week, the popular password manager LastPass announced a security breach – their system was hacked. According to their blog, “…account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
What is LastPass?
LastPass is a service that seeks to simplify your life by providing centralized password management in the cloud. With the ability to store logins, users can maintain more unique, complex passwords for every account – improving their online security.
Upon signup, users create a “master password” that they must remember, which allows access to the management tool. The list of passwords is encrypted and stored on LastPass servers, so users can access it from any device.
What was the security breach at LastPass? Did it expose my master password or list of passwords?
On Friday, June 12, the LastPass team “discovered and blocked suspicious activity on [their] network.” After investigating the issue, their team noticed that the following had been compromised:
- Account email addresses
- Password reminders
- Server per user salts
- Authentication hashes
The cyber attack did not expose encrypted user data. According to LastPass, “Encrypted user vaults were not compromised, so no data stored in [a] vault is at risk (including form fill profiles, secure notes, site usernames and passwords).”
In addition, master passwords were not taken, but LastPass advises that users change their master password if they believe it is weak or if they use it to log in to other sites online. A weak or re-used password leaves your LastPass account vulnerable to hackers gaining access.
At SeedSpark, we want to protect you from potential security threats online, and using strong, unique passwords can help. Take a look at our tips for better password security. If you have any additional questions about LastPass or other security threats, please call or email us today!