LastPass has requested users to change their master passwords as early as possible after an attempted hacking. Joe Siegrist, CEO, confirmed the hack in the company blog and mentioned that the user vaults were not accessed by the hackers.
On Monday, the company revealed the details of the LastPass hack and said that the email addresses and the encrypted master passwords were compromised. However, according to the company, the hackers could not access individual user accounts. The login information are also secured.
The blog mentioned, “We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.”
LastPass was made to provide better data security to users who have to create a lot of passwords. It’s quite common to have the same password for more than one account, and it’s also common to forget changing those passwords often. With LastPass, you require remembering just a master password that has to be strong. LastPass will take care of the remaining.
The LastPass master password is encrypted in such a way that even after encryption, it will be difficult to crack. The company’s press contact, Erin Style, also mentioned that the passwords are hashed thousands of times before it is actually sent to the company and again hashed 100,000 times before they are actually stored.
LastPass is recommending users to change their master passwords as early as possible and for people with weak passwords, the requirement is more severe. The company has also requested users to enable multi-factor authentication. LastPass now requires this method for those who log in to their account through a different device or a different IP address.
Users are quite confused about the whole matter. While many received mails from the company for password change, many still haven’t. It might be tough for the company to gain back the confidence after the hacking.