
'Password safeguard' firm LastPass got hacked into!


June 16, 2015


'Password safeguard' firm LastPass, a company that supposedly stores people's passwords in a 'secure manner', just got hacked into.

LastPass lets people store passwords online so they can easily access them all with one single master password. The idea makes sense, but now people are finding out how secure such services really are.

Yesterday, LastPass went public and said that hackers broke into its server system and successfully gained admin and root access to user email addresses, password reminders, and even encrypted versions of people's master passwords.

Keeping all your passwords in a single place on the Web might not be such a great idea after all, and there are now many victims who are finding that out.

LastPass said it discovered the digital break-in on Friday. It's still very early in its investigation, but if LastPass is right, hackers didn't manage to grab plain text versions of the all-powerful master passwords.

"We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed," LastPass said.

Nevertheless, hackers still managed to get ahold of encoded versions of people's passwords. But if your master password is simple and common, like Password123 or sex789, these hackers can crack it in no time.

Hackers can also easily rent computer servers and use their enormous computing power to rapidly decipher all the other passwords.
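The strengthening LastPass describes, and why it still cannot protect a master password like Password123, sketched as an added example (this is not LastPass's code). The client-side round count, the use of the e-mail address as the client-side salt, the minimum length and all function names are assumptions; only the 100,000 server-side PBKDF2-SHA256 rounds and the random salt come from the statement quoted above.

```python
import hashlib
import hmac
import os

SERVER_ROUNDS = 100_000  # figure quoted by LastPass in the article
CLIENT_ROUNDS = 5_000    # assumption: the article gives no client-side count
# Constructed deny-list, seeded with the two weak passwords the article names.
COMMON_PASSWORDS = {"password123", "sex789"}


def client_hash(master_password, email):
    """Client-side stretch. Salting with the e-mail address is an assumption."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ROUNDS)


def server_record(client_digest, salt=None):
    """Server-side strengthening: random per-user salt plus 100,000 rounds."""
    if salt is None:
        salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", client_digest, salt, SERVER_ROUNDS)
    return salt, stored


def verify(master_password, email, salt, stored):
    """Recompute both stages and compare in constant time."""
    _, candidate = server_record(client_hash(master_password, email), salt)
    return hmac.compare_digest(candidate, stored)


def rounds_per_guess():
    """Hash iterations needed to test one candidate password against a record."""
    return CLIENT_ROUNDS + SERVER_ROUNDS


def acceptable_master_password(password, min_length=12):
    """Stretching raises the cost of each guess; it does nothing for a password
    that is among the first guesses, so screen those out when it is chosen."""
    return len(password) >= min_length and password.lower() not in COMMON_PASSWORDS


if __name__ == "__main__":
    email = "user@example.com"  # constructed sample account
    salt, stored = server_record(client_hash("correct horse battery staple", email))
    print("login ok:", verify("correct horse battery staple", email, salt, stored))
    print("rounds per guess:", rounds_per_guess())
    print("Password123 acceptable:", acceptable_master_password("Password123"))
```
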

"With this single security breach, attackers seem to have all they need to start brute-forcing any master password," said Tod Beardsley, a research manager at cybersecurity firm Rapid7.

Worse, hackers also managed to get ahold of all the user password reminders on LastPass as well. So, you're out of luck if your question is something like, "Where were you born?" Anyone can figure that out using public records or social media accounts.

Those identity thieves now have access to critical personal information such as email accounts, social media, banks, hospital records, just about anything you can think of.

Cybersecurity experts reacted strongly to the news. For several months, most of them have touted LastPass and similar services as an elegant solution to one of today's annoying problems: keeping track of several passwords.

To be sure, always keeping the same password is outright reckless, but remembering dozens of them is a daunting task for most people.

Options such as LastPass or similar services rely entirely on trusting an unknown company to protect your precious data.

This security breach truly underscores the importance of keeping passwords in a very safe place and not entrusting them to complete strangers.

LastPass yesterday urged its users to quickly change their master passwords. And as every hacked company does, it assured users "security and privacy are our top concerns here at LastPass."

David Longenecker, an independent cybersecurity expert in Texas, complained that LastPass published a public post about the incident before warning its users to change their passwords.

"I would have preferred getting the PSA to change password from you, versus through the grapevine," he wrote publicly to the company on Twitter.

As always, in this latest password database theft the only people who are protected are those who set up an extra security feature: two-step authentication, which requires a text message as a second passcode.

Source: LastPass.



Copyright © Internet Security.ca