LastPass, and other password managers like Dashlane and Roboform, were created to address the issue that passwords are a notoriously poor form of security. People tend to use weak, easy-to-remember passwords, re-use passwords across a multitude of accounts, and forget to change their passwords often enough (if at all). LastPass’ solution allows its users to only have to remember one strong master password, which is used to access all individual account logins and passwords stored by LastPass in encrypted user vaults.
LastPass says it discovered and blocked “suspicious activity” on its network. Further investigation revealed that e-mail addresses, password reminders, server per user salts (data added to passwords to make them harder to crack), and authentication hashes were all compromised. No accounts were compromised, and attackers did not gain access to encrypted user vault data.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now