If you’re one of the millions of PC users who keep their data secured on LastPass, then it’s time to change your password.
LastPass recently experienced an attack that may have leaked some data onto the internet.
The news was announced on June 15, 2015 and the leak was experienced on Friday, June 12. Here’s what LastPass had to say about it in a blog post:
“We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
LastPass also added that it was confident that its encryption measures were sufficient to protect “the vast majority of users”. Each authentication hash is secured with a random salt and 100,000 rounds of sever-side PBKDF2-SHA256.
In other words, even when someone steals data, they probably won’t be able to access that data because it’s all encrypted.
LastPass has also integrated a temporary security system where it requires you to confirm your identity when logging in from a new IP address or location. You need to verify your account by email or use multifactor authentication.
Change Your Master Password if it Used a Real Word
LastPass is still warning users to update their Master Passwords. It’s better to be safe than sorry – you never know what kind of technology attackers are using or if they’ve found a greasy way to break through encryption. Or they could just get lucky.
You increase your chances of data loss substantially when you use a dictionary-based word or real name in your password. Say, if your password is mustang, 123456, or andrew1, then you are way more likely to be hacked. If that’s the case, then LastPass is urging you to change your password immediately.
You do not, however, have to change the passwords secured in your LastPass Vault. Just change your Master Password – and do it now.