LastPass Gives Breakdown On Possible Hack
LastPass, a popular third-party password manager, recently revealed that it may have been hacked and that some e-mail usernames and passwords were probably stolen. Seth Rosenblatt from CNET discusses the recent situation with LastPass. Rosenblatt states that people use third-party password managers because the 256-bit AES encryption they offer is sufficient to keep passwords safe, and because they make computing a whole lot easier for those of us who have more difficult and more varied passwords for our different applications and websites.
LastPass also uses salted hashes: a salt is random data that is combined with a password before it is hashed, so that the stored hash cannot simply be looked up in a precomputed table. Rather than waiting until after the fact, LastPass was very upfront with its users, saying: “After delving into the anomaly, we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed.”
The company went on to say: “We know roughly the amount of data transferred and that it’s big enough to have transferred people’s e-mail addresses, the server salt, and their salted password hashes from the database. We also know that the amount of data taken isn’t remotely enough to have pulled many users’ encrypted data blobs.” While LastPass figures out exactly what happened, the company recommends that all its users reset their passwords, using non-dictionary words, preferably alphanumeric ones.
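Why the reset advice targets dictionary words, shown as an added example (not code from the article or from LastPass): once the server salt and the salted hashes are known, a password audit can recompute the hash of every wordlist entry and compare. PBKDF2-HMAC-SHA256, the iteration count, the salt, the accounts and the wordlist are all assumptions constructed for the illustration; the article does not say which hash LastPass used.

```python
import hashlib
import hmac

# Assumption: PBKDF2-HMAC-SHA256 stands in for the server-side hash.
ITERATIONS = 1000  # kept low so the example runs quickly


def salted_hash(password: str, salt: bytes) -> bytes:
    """Hash a password together with the salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def audit_against_wordlist(salt: bytes, stored: bytes, wordlist):
    """Return the wordlist entry that reproduces the stored hash, or None."""
    for word in wordlist:
        if hmac.compare_digest(salted_hash(word, salt), stored):
            return word
    return None


# Constructed sample data: one server salt, two accounts, a tiny wordlist.
SERVER_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
WORDLIST = ["password", "sunshine", "dragon", "letmein"]
RECORDS = {
    "alice@example.com": salted_hash("sunshine", SERVER_SALT),      # dictionary word
    "bob@example.com": salted_hash("q7Vz2mK9xT4w", SERVER_SALT),    # non-dictionary
}


def audit_all():
    """Map each account to the dictionary word behind its hash, if any."""
    return {
        email: audit_against_wordlist(SERVER_SALT, stored, WORDLIST)
        for email, stored in RECORDS.items()
    }


def differs_under_other_salt(password: str) -> bool:
    """The salt's job: a table built under a different salt does not match."""
    other_salt = bytes(16)
    return salted_hash(password, SERVER_SALT) != salted_hash(password, other_salt)


if __name__ == "__main__":
    for email, hit in audit_all().items():
        print(email, "-> dictionary word, reset it" if hit else "-> not in wordlist")
```

The salt still does its job against precomputed tables, but it gives a dictionary-word password no protection once the salt itself is in the same stolen data set.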