The hack was confirmed last Friday and the company has asked users to update their master passwords
It is quite an unfortunate incident when a firm that helps save passwords of users gets hacked. LastPass is a company that makes it easier for customers to store their passwords online and also grants access to master passwords. Yesterday, it announced that hackers have been successful in their mission to break into the system and gain access to user emails/passwords (even the encrypted ones).
What worries more is the combination of data that was stolen. Many people try to keep combinations that may be related to them, such as their birth dates or any life event. There are also several ways to crack encrypted data such as “brute forcing” or rented computer server firepower.
The flaw was discovered on Friday. The company said that it is hardly possible for hackers to crack its encryption measures. However, it is taking some strong measures to ensure that the data isn’t leaked out. In this regard, it requires all users who sign in from their new IP addresses to first authenticate themselves through their email addresses. It also insists on them to update their master passwords for security reasons.
Many users try to keep a uniform password for all their accounts, as it is annoying to remember different passwords at a time. Another option for them is to rely on a company to remember their passwords. Through this hack, the lesson learnt for users is that they must not reveal their passwords even if they have full faith in a company because hackers can eventually find their way in. The best way is to use a password manager to deal with this hassle, says Jon Oberheide, an executive of a cyber-security firm named Duo Security. Moreover, companies such as Facebook tend to follow a two-step verification system that verifies user originality through a text message passcode that must be entered on the web.