The password management service has suffered a theft. The company reported it in a public note and is individually emailing all users whose data might be compromised.
The password management service LastPass was the victim of a data theft. The company itself reported this last Friday, when "suspicious activity" was observed on the service's networks. At the moment it appears that specific data, among users' most sensitive, was stolen: the attackers were able to obtain the email addresses of some subscribers and some data on the master password used.
We do not know how the attack originated or what methods were used, but it seems that the attackers relied on social engineering and other not particularly complex strategies. LastPass has stressed that it shut down all suspicious activity on Friday, but we have no information on the duration of the attack, and we do not know how the attackers managed to maintain their connection to the company's systems.
The data of the vast majority of users should still be safe. The company wrote that it is confident in the effectiveness of its encryption measures, "sufficient to protect the majority of users." Nevertheless, LastPass is taking even more aggressive security measures to ensure that there is no further data loss, and is also informing all potentially affected users by email.
An attack of this type is usually more damaging when it is not discovered in time, so the fact that the incident has been made known should already reassure users of the service. In addition, the breached data includes master passwords protected by hashing and salting functions: certainly sensitive, but difficult to decipher. A risk could arise for less carefully chosen and less secure passwords, which can already be deduced by combining the hashes with the sensitive data stolen (personal information, answers to security questions).
For this reason, LastPass recommends updating the master password used to access the service as soon as possible, enabling two-factor login, and enabling email verification for any log-in from a new location, in order to avert the potential dangers arising from the potential theft of sensitive data.
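The point made above about salted hashes and weak master passwords, as an added illustration that is not LastPass's code: the KDF (PBKDF2-HMAC-SHA256), the iteration count, and the sample facts and passwords are assumptions constructed for this example. It shows that a salt defeats precomputed tables but does not protect a password assembled from known personal details.

```python
import hashlib
import hmac
import os

# Assumed KDF and work factor for this sketch; the article does not say
# which hashing function or iteration count LastPass uses.
ITERATIONS = 20_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash of a master password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def guessable_from(known_facts, salt, stored_hash):
    """Return the guess built from known personal facts that matches
    the stored hash, or None if no single fact or pair of facts matches."""
    candidates = set(known_facts)
    candidates.update(a + b for a in known_facts for b in known_facts)
    for guess in sorted(candidates):
        if hmac.compare_digest(hash_password(guess, salt), stored_hash):
            return guess
    return None


def demo():
    # Constructed sample data: personal facts of the kind the article lists.
    facts = ["rex", "1984", "milan"]
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    weak, strong = "rex1984", "vR7#qLm2!xTz9&Kd"
    return {
        # Same password, different salts: the hashes differ, so a table
        # precomputed for one salt is useless against the other.
        "salts_differ": hash_password(weak, salt_a) != hash_password(weak, salt_b),
        # The salt does not help a password assembled from known facts.
        "weak_found": guessable_from(facts, salt_a, hash_password(weak, salt_a)),
        "strong_found": guessable_from(facts, salt_a, hash_password(strong, salt_a)),
    }


if __name__ == "__main__":
    print(demo())
```

Running the same self-check against your own master password, with your own personal details as `known_facts`, is a quick way to decide whether it needs changing.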