The popular password storage service LastPass announced earlier this week that there has been a LastPass security breach in which its users’ master passwords could be compromised.
On June 15th, 2015, LastPass emailed its users a notification alerting them to the LastPass security breach, stating that their team “discovered and blocked suspicious activity” on their network. Through their investigations they have found “no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed”; however, the investigation has shown that “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised”.
They have advised LastPass users to change their master password as soon as possible and, if the password has been used on any other services, to change it there too. LastPass has told its users that as “encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault”. They went on to add that they “recommend enabling multifactor authentication for added protection for your LastPass account”.
Reporting on this LastPass security breach, the popular technology blog ‘The Register’ has commented that “it’s not impossible for someone brute-force the process and discover your master password. However, if your master password is complex, you should be safe – it will take an attacker far too long to crack your passphrase. Setting up two-factor authentication kills the problem dead, anyway”.