Here’s another hacking incident for you to be aware of, or at least a potential one. And an embarrassing one considering the nature of the company it may have happened to.
LastPass is a multi-platform password manager which holds all of your different net passwords under one master password, in the company’s words, “making browsing the web easier and more secure”.
Not when they have their database hacked and your master password stolen, it doesn’t. We should point out, however, that the company isn’t certain a hacker has accessed its systems just yet.
They did, however, detect anomalous traffic which they couldn’t find a root cause for, so are assuming the worst: that their database has been accessed by an intruder.
As a result, LastPass issued a forced change of master password as a precaution – but the huge rush of users attempting the alteration at the same time caused a severe strain on the company’s system.
Everything got a bit messy and some folks were apparently locked out of their accounts, unable to change their passwords (or even locked out after they’d made the switch).
LastPass says it has identified an issue with approximately 0.5% of users which impacted their master password change, and its focus is currently on resolving these problems.
The passwords themselves were hashed, a type of one-way encryption which means that if hackers have got away with password data, they’ll still have to crack it.
The only way to do that is to brute-force the encryption, which will only have a chance of succeeding with simple dictionary word passwords. Anyone who employed a combination of letters, numbers and other characters – a strong password, as it’s known in the trade – isn’t in any danger of being brute-forced.