World Report Now

Breaking News

Thursday, April 22, 2021
Log in
  • Headlines
  • U.S.
  • World
  • Business
  • Entertainment
  • Sports
  • Sci-Tech
  • About/Contact
  • Staff
  • Latest News
    • 7-Year-Old Dead Body Found in a Chimney
    • Is Watching Porn a Healthy Habit
    • The Only Poisonous Snake Species in Michigan Protected by Law
    • Largest Penis Record Holder Refuses Penile Reduction Surgery
    • 2016’s Funniest Passwords
    • Stop Rage Quitting and Take It like a Man
    • Miracle Cure For Autism is Dangerous
    • Best PC Games to Play with An Xbox 360 Controller
    • Gene Responsible for Gray Hair Was Discovered
    • Diabulimia Is a Dangerous New Threat for Diabetic People
    • Google Launches ‘Feeling Woof’ and ‘Feeling Meow’ Apps as Part of April Fool’s
    • Facebook and Instagram Servers Went Down, Leaving Users Confused
    • Hero Golden Retriever Saves Owner from Blizzard
    • UAE Astronomers Want to Grow Crops on Mars
    • Starbucks Shares Plummet as U.S. Membership Growth Turns Backwards
Home » Sci-Tech » Cloud-Based Password Manager LastPass was Hacked, Again

Cloud-Based Password Manager LastPass was Hacked, Again

June 20, 2015 by Peggy Schmidt Leave a Comment

Cloud-Based Password Manager LastPass was Hacked, Again

On June 15, LastPass, the freemium cloud-based password manager site announced in a blog post that its servers had been breached and passwords, e-mail addresses and password-reminders were leaked.

Users were urged to quickly change their master-passwords. Moreover, the site staff failed to retrieve files containing passwords called “vaults.”

But users should not panic, experts claim, at least if the company stays true to its promises of retaining and securing password data.

Unlike other password managers such as AgileBits’s 1Password app, LastPass does not only store passwords on its customers’ devices. It also retains a central database of the passwords for synchronization purposes. So, users but also hackers can access the password stored on the company’s website.

Yet, the data breach will not have the consequences other companies such as LinkedIn had to put up with several years ago since there isn’t a single key to access all accounts regardless of them sharing the same password.

Common password management services use an encryption algorithm dubbed a “hash,” which is a message compressed through various operations into a nearly-impossible to decipher code.

Hashes’ main role is to make sure that the initial message is not modified and they cannot be used to reproduce the original message. A password manager site only stores the hash of the message.

But because all hashes from the same message are identical, a hacker needs to only look up for the most common passwords to crack the accounts. For instance, if 10,000 users have as password “1234,” 10,000 accounts are compromised. That’s how the 2012 data breach at LinkedIn occurred.

But cyber security experts claim that LastPass uses methods that can make any hacker’s life a living nightmare.

First, every password has a unique signature called a “salt” that goes into the hash every time the password is compressed. This signature forces two identical passwords to generate very distinct hashes.

So, if the site has a million accounts, a hacker needs to perform millions of tests just to crack the accounts that use the same password.

Second, LastPass performs thousands of hashing operations when storing a password. So, each operation translates into additional calculations for the hacker.

According to the company’s blog site, the data breach occurred Friday afternoon. It is the second major security issue the company faces since the 2011 cyber attack. LastPass announced Monday that “encrypted user vault data” was not compromised, while no account was breached.

“The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised,”

the company added in their blog post.

As a consequence, the firm requests from users that try to log into their accounts from a different device or new IP address should first pass a two-factor authentication process.

Image Source: LastPass (blog)

Filed Under: Sci-Tech

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Left brain hemisphere made of circuits next to a right brain hemisphere made of paintbrush lines

Norman the Psychopath AI Shows Us the Dangers of Artificial Intelligence

June 7, 2018 By Henry Williams Leave a Comment

atom illustration

New Study Analyzes Unique State of Matter, an Atom Full of Atoms (Study)

February 27, 2018 By Renee Randazzo Leave a Comment

sunflares on the surface of the sun

The Sun Expected to Get Dimmer and Cooler, According to New Study (Study)

February 13, 2018 By Renee Randazzo Leave a Comment

expedition 54 crew members

Three New Astronauts Join ISS Crew

December 21, 2017 By Renee Randazzo Leave a Comment

Person scrolling on a smartphone

Austrian Designer Challenges Smartphone Addiction by Creating a Substitute Phone for You to Scroll On

November 28, 2017 By Henry Williams Leave a Comment

Molecules of E. coli bacteria

Researchers Created the First Tape Recorder Bacteria by Using the CRISPR Techique

November 25, 2017 By Peggy Schmidt Leave a Comment

Interview at Web Summit held in front of the event's colored panel

Tech Experts Propose Artificial Enhancement of the Brain During This Year’s Web Summit

November 11, 2017 By Henry Williams Leave a Comment

Bright elliptical galaxy

Researchers Spot Distant Galaxy Almost as Old as the Big Bang (Study)

November 9, 2017 By Peggy Schmidt Leave a Comment

Offshore wind turbines of a wind farm

An Ocean Wind Farm Might Offer an Unlimited Energy Supply

October 11, 2017 By Renee Randazzo Leave a Comment

turbines used in wind energy submerged in water

Underwater Turbines Produce Electricity By Using the Power of the Waves

September 25, 2017 By Renee Randazzo Leave a Comment

overwatch screenshot

Next Free Weekend on Overwatch Starts Sept 22, Yet Updates Are Still Slow

September 17, 2017 By Peggy Schmidt Leave a Comment

children in classroom

Scientists Concluded that Later School Time Could Improve U.S. National Economy

September 5, 2017 By Renee Randazzo Leave a Comment

mark zuckerberg

Facebook Is Determined to Launch Flagship Video Chat Hardware in May 2018

August 25, 2017 By Dawn Saunders Leave a Comment

agents of mayhem poster

Agents of Mayhem Is a Refreshing Video Game from the Saints Row Universe

August 17, 2017 By Renee Randazzo Leave a Comment

Categories

  • Business
  • Education
  • Entertainment
  • Headlines
  • Health
  • Nature
  • Sci-Tech
  • Science
  • Sports
  • Technology
  • U.S.
  • Uncategorized
  • World

Copyright © 2021 · Genesis Framework · WordPress · Log in