LastPass, a web service that works to keep users’ passwords safe and handy, reported that its service has been hacked, putting only a minority of users at risk.
The web service reported in a blog post that the breach attempt was noticed in time and that the attackers did not have time to gather enough valuable data to use in cracking the accounts of LastPass users.
The damage was restricted to a small number of email addresses and password reminders, and did not affect the encryption of master passwords. Nor did the damage extend to the vaults, the files that contain the passwords.
Ironic as it may sound, it is to be expected that the places to go to for en masse data retrieval are services the likes of LastPass, AgileBits, 1Password or KeePass.
Nonetheless, the majority of these use encryption systems and algorithms that are rather difficult to hack, making it fairly improbable that actual passwords entrusted to the services are ever retrieved by malicious crackers.
While the data retrieval from LastPass is shaking users’ confidence to a small degree, tech blogs and posts explained why the whole affair is not so worrying. Yes, password reminders and some email accounts have been stolen. From there to an actual successful login by someone other than the owner of the account, there’s a long way to go.
Individual passwords and users’ accounts are hard to break into because of LastPass’s encryption and security measures. As a precautionary measure, LastPass recommends that users change their master passwords. Individual passwords connected to all other accounts may remain the same, unless they’re weak passwords like “password” or strings of numbers.
There are multiple ways in which services like LastPass work. One of them is to store the information submitted to the password-storage service directly on the user's devices. AgileBits and 1Password work like this. 1Password is able to synchronize data across platforms, yet the vaults belong to the users, and passwords are neither stored by nor disclosed to AgileBits.
Similarly, LastPass enables users to store their passwords on their own devices. At the same time, it offers sync and central storage. This allows LastPass users to access their passwords through the web service and multi-platform client apps.
And while the state-of-the-art encryption algorithms used by LastPass have made the service an example in the tech world, the company recommends that master passwords, which give access to the vaults, be changed.