LastPass reports security breach, but says encrypted user vault data safe
Password management company LastPass has revealed that it discovered and blocked suspicious activity on its network last week. While the company is claiming that there was no compromise of user accounts as well as encrypted user vault data, it said that hackers were able to access some information including email addresses, password reminders, server per user salts, and authentication hashes.
“We are confident that our encryption measures are sufficient to protect the vast majority of users,” the company said in a blog post. “LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”
As part of additional security measures, those who do not have multi-factor authentication enabled, and are logging in from a new device or IP address, will now be asked to first verify their account by email. Additionally, users will also be prompted to update their master password, the company said.
Featured
Benchmarking Asus ZenFone 2 ZE551ML with Intel Atom Z3580 SoC and 4GB of RAM
Oppo R7 battery life test
Samsung Galaxy S6 updated to Android 5.1.1: exploring the differences on video
Your verdict on Android M, iOS 9 and Watch OS 2.0
Xiaomi Mi 4i battery life testCategories
- Mobile phones
- Mobile software
- Mobile computers
- Rumors
- Fun stuff
- Various
- Android
- Desktop software
- Featured
- Misc gadgets
- Gaming
- Digital cameras
- Tablets
- iOS
- Desktop computers
- Windows Phone
- GSMArena
com - Online Services
- Mobile Services
- Smart Watches
- Battery tests
- BlackBerry
- Social Networks
- Web Browsers
- Portable Players
- Network Operators
- CDMA
- Windows
- Headphones
- Hands-on
Comments
Rules for posting