Hackers obtain personal data from LastPass servers




The operators of the password manager LastPass have announced that hackers captured personal data from its servers. The stolen data does not include password archives, but does include email addresses and password reminders.

The hack was discovered last Friday by the LastPass administrators. An investigation concluded that no encrypted LastPass password archives or LastPass accounts were stolen, but that other sensitive data was captured. The data reportedly consists of email addresses, password reminders, per-user server salts and authentication hashes.

The operators claim that the encryption LastPass uses on its servers is strong enough to adequately protect the password data of almost all users, for example against brute-force attacks. At the server level, PBKDF2-SHA256 is applied on top of the encryption of the password archives on the user side. LastPass also says that the authentication hashes are generated using a random salt.
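The layering described above (a client-side hash that is hashed again on the server with PBKDF2-SHA256 and a random per-user salt) can be sketched as follows. This is an added example, not LastPass code: the function names, the iteration counts and the use of the email address as the client-side salt are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Illustrative work factors chosen for this example; the article states none.
CLIENT_ROUNDS = 5_000
SERVER_ROUNDS = 100_000


def client_auth_hash(email: str, master_password: str) -> bytes:
    """Client side: derive the authentication hash sent to the server.

    Assumption: the email address serves as the client-side salt.
    The master password itself never leaves the client.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), CLIENT_ROUNDS
    )


def server_enroll(auth_hash: bytes) -> tuple[bytes, bytes]:
    """Server side: wrap the client hash in PBKDF2-SHA256 with a random per-user salt."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return salt, stored


def server_verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute the server-side hash and compare it in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same master password.
    pw = "correct horse battery staple"
    rec_a = server_enroll(client_auth_hash("alice@example.com", pw))
    rec_b = server_enroll(client_auth_hash("bob@example.com", pw))
    # Per-user salts make the stored records differ, so one precomputed
    # table cannot be reused across the whole user base.
    print("records differ:", rec_a[1] != rec_b[1])
    print("login ok:", server_verify(client_auth_hash("alice@example.com", pw), *rec_a))
```

The salt and iteration count raise the cost of every guess but do not hide a password that appears early in a guessing list, which is why the advice to change weak master passwords still applies.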

Nevertheless, LastPass warns that users with a weak master password for their password archive in particular should change that password as soon as possible. Users who also use this password on other sites are strongly advised to change it there as well. As a precaution, all new logins from unknown IP addresses or devices require verification of the account via email, unless two-factor authentication is set up. The master password must be renewed in that case.

LastPass said it regrets the incident and promises to be as transparent as possible about the break-in. The company also says that it will investigate the hack further together with security experts and the authorities.

