SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
19 Jun 2015

LastPass users need to change their passwords immediately

An online password manager can make your life much easier by automatically entering individual passwords for each website and service you visit. It is a very convenient tool – unless it is hacked.

In that instance, by discrediting a single password, cyber criminals can receive access to invaluable information, including banking credentials. LastPass, a popular password manager, has recently disclosed a network breach.

Attackers compromised user email addresses, password reminders, per-user salts and authentication hashes. The passwords themselves were not compromised, as the service doesn’t store them in its cloud. Nevertheless, LastPass recommends users change their LastPass master passwords and enable multi-factor authentication. Let’s give credit to the company: When LastPass found the breach, it quickly released a public warning.

To the hackers’ benefit, many large companies try keeping security breaches a secret, but not here. Still, potential consequences of the breach seem to be dubious. CEO and founder of LastPass Joe Siegrist claims that the incident will not influence “the vast majority of users”. Some researchers support this position, declaring there is no risk for users with strong passwords.

Other researchers consider that the breach can lead to a new wave of malicious activity aimed directly at LastPass users. Being armed with the list of real email addresses hackers can create a targeted phishing campaign to defraud the lacking data. For example, LastPass is advising users to change their master passwords.

What stops cybercriminals from spamming LastPass users with fraudulent letters, disguised as official ones? When people receive an unsuspicious email with warnings and recommendations from the “developers”, they can readily follow a link to change their master password — and give it right to the cyber criminals’ hands.

Here is what we can recommend to LastPass users:

  1. Follow official recommendations: Change your master password and enable multi-factor authentication. It would be absolutely great if you could enable it on other websites as well, e.g. on social networks and emails.
  2. Do not to click links in e-mail letters which claim they are from LastPass. These letters can be fake, that’s why it’s better to enter the url manually in your browser’s address bar.
  3. Be sure that you don’t use your master password on any other website. It’s always good to use different passwords for different services.
     

This is not the first time LastPass has had to deal with security issues. Last summer the University of California Berkeley revealed security flaws in five security managers, including LastPass. The other four were RoboForm, My1Login, PasswordBox and NeedMyPassword. As you may know, there is no perfect security solution. A company needs courage to take responsibility and reveal breaching incidents despite the risk of losing clients. Some LastPass users will want to switch to other services, while others will be loyal no matter what happens.

Tags:
LastPass password information leaks hackers
Source:
Kaspersky Daily
2546
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015