Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Lastpass hacked.  (Read 3511 times)

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Lastpass hacked.
« on: June 16, 2015, 12:13:03 PM »

Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Lastpass hacked.
« Reply #1 on: June 16, 2015, 12:15:20 PM »

More info

Quote
Bad news first, folks. LastPass, our favorite password manager (and yours) has been hacked. It’s time to change your master password. The good news is, the passwords you have saved for other sites should be safe.

Quote
LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account.

According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately.

http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Lastpass hacked.
« Reply #2 on: June 16, 2015, 04:16:56 PM »

Unfortunately, the subject of this thread does not surprise me.  :-X  I would never trust any organisation attempting to provide such a service.  :no:
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Lastpass hacked.
« Reply #3 on: June 16, 2015, 07:49:00 PM »

I must admit the theory is very good...  but I myself haven't used one because of fears of something like this happening.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

vic0239

  • Reg Member
  • ***
  • Posts: 519
Re: Lastpass hacked.
« Reply #4 on: June 16, 2015, 09:08:20 PM »

I must admit to using this service and was notified by email overnight of this breach. I find it difficult to remember all the login passwords and memorable data I have and certainly I can’t remember the unpronounceable ones. It is also very convenient to have access to this information when travelling. Apparently none of the encrypted data was accessed, but I have changed my password which automatically re-encrypts the data and have multi factor authentication enabled, so I am pretty confident my data has not been compromised. :fingers: However, I did have a bit of a wobble when I first read the email and blog. :o
Logged
Lothian Broadband 900/900 + AAISP VDSL, Vigor2865Vac, MikroTik rb260gsp, ZyXel NWA50AX WiFi AP.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Lastpass hacked.
« Reply #5 on: June 16, 2015, 09:14:19 PM »

The thing is with the complexity of passwords that we are advised to use and use a different password on each site, it makes it impossible for the average user to do this and remember them all.

Quote
It is also very convenient to have access to this information when travelling.

Indeed, because that is were I would come unstuck and one of the reasons why I was at one time considering using it myself.   

Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

oldfogy

  • Helpful
  • Kitizen
  • *
  • Posts: 3568
  • If it ain't broke....... I'll soon fix it.
Re: Lastpass hacked.
« Reply #6 on: June 16, 2015, 11:57:21 PM »

Quote
Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.

Regards,
The LastPass Team

Although I don't use LastPass at all but I may of registered because I do remember taking a look but decided against using it, which is probably where my details have come from for them to send me the email notification above.
Logged

UncleUB

  • Helpful
  • Senior Kitizen
  • *
  • Posts: 29543
Re: Lastpass hacked.
« Reply #7 on: June 18, 2015, 11:19:57 AM »

I use LastPass,have done for quite some time without any problems.I find it very useful but do not save any financial sites I use on there.I have just changed my master password as a precaution.  :)
Logged

oldfogy

  • Helpful
  • Kitizen
  • *
  • Posts: 3568
  • If it ain't broke....... I'll soon fix it.
Re: Lastpass hacked.
« Reply #8 on: June 18, 2015, 02:08:48 PM »

I'm still old school with a written list, obviously with a title that is nothing do do with password etc but also does not contain any banking information, that's still down down to pen and paper.

I just checked my written list (excel sheet) of sites requiring a password and the count is 88 (I think that's all of them), I find it convenient because it also has a link to the site, so in a way it's a bit like having your list of favourites complete with passwords all in one place.

Not forgetting one of the main problems I don't think is forgetting ones password, but more likely to be not remembering the correct user name, because if the username you would like to use has already been taken then you have to chose something with a slightly different format, even my 'oldfogy' has been rejected on some sites simply because at some stage someone else decided to use it, and much the same as with 'Phil-H, Phil_H, phil-h, phil_h,  ........... the combinations are endless
Logged

vic0239

  • Reg Member
  • ***
  • Posts: 519
Re: Lastpass hacked.
« Reply #9 on: June 18, 2015, 05:12:59 PM »

I have over 200 entries on LastPass and used to maintain a list on my computer, but was nervous about having such information stored locally as I was certain my bank might frown upon such a practice. However the other evening I had to call my bank for assistance with my online banking and was advised to write my details down!  :o This advice given presumably because the young lady on the help desk assumed I was of an age that I could not remember my password when in fact the bank’s system had decided to change my username to some random string.  >:( However I didn’t mention I kept my login details on LastPass so could not have had such a lapse of memory, the banks can become quite uppity about such matters.  :)
« Last Edit: June 18, 2015, 05:15:18 PM by vic0239 »
Logged
Lothian Broadband 900/900 + AAISP VDSL, Vigor2865Vac, MikroTik rb260gsp, ZyXel NWA50AX WiFi AP.

Dray

  • Kitizen
  • ****
  • Posts: 2361
Re: Lastpass hacked.
« Reply #10 on: June 18, 2015, 06:43:38 PM »

Quote
According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account.

I agree, they should be. The question is, are they?

It's a bit too woolly for my liking :(
Logged