
Hackers May Have Stolen Details Of 1.25m LastPass Accounts

LastPass, a company that allows its users to manage their passwords online, has revealed that it has detected anomalous traffic at its data center which might be due to hackers.

The company said on its website: "We know roughly the amount of data transferred and that it's big enough to have transferred people's email addresses, the server salt and their salted password hashes from the database."

The potential breach was discovered when the LastPass security team took a look at their logs and tried to explain every anomaly; unfortunately, they couldn't explain one that emanated from one of their non-critical machines and lasted for a few minutes.

Ironically, LastPass is supposed to help users manage their growing number of passwords and security logins, which is possibly why it could have been such an interesting target for hackers in the first place.

LastPass has urged its users to change their master passwords as soon as possible; access to that master password would have given any hacker the ability to access scores of other passwords.

But, in stark contrast to what others have done in the past, LastPass apparently had a plan for such an eventuality and has forced all its customers to change their master passwords as a precautionary measure.

In addition, they're introducing a new feature called PBKDF2 (Password-Based Key Derivation Function 2), which they hope will reduce the risk of hackers accessing customers' information in the future, even if they manage to breach LastPass's servers.
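
To show why an iterated key-derivation function helps once salts and salted hashes have left the server, here is an added example (not LastPass's code) that verifies a password against a stored record and upgrades a single-round salted hash to PBKDF2 at the next successful login. The record layout, the single-round SHA-256 "before" scheme, the per-user salt and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; not a value taken from the article.
ITERATIONS = 100_000


def legacy_hash(password: str, salt: bytes) -> bytes:
    """Assumed 'before' scheme: one SHA-256 call, so one cheap hash per offline guess."""
    return hashlib.sha256(salt + password.encode()).digest()


def pbkdf2_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Build a new record: fresh random salt plus PBKDF2-HMAC-SHA256 output."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"scheme": "pbkdf2", "salt": salt, "iterations": iterations, "hash": dk}


def verify(password: str, record: dict) -> bool:
    """Recompute the stored value with the record's own scheme and compare in constant time."""
    if record["scheme"] == "pbkdf2":
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), record["salt"], record["iterations"]
        )
    else:
        candidate = legacy_hash(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def login(password: str, record: dict) -> tuple[bool, dict]:
    """Verify, then re-derive with PBKDF2 while the plaintext is available.

    A leaked legacy record costs an attacker one hash per guess; the upgraded
    record costs ITERATIONS HMAC rounds per guess for the same password.
    """
    if not verify(password, record):
        return False, record
    if record["scheme"] != "pbkdf2" or record["iterations"] < ITERATIONS:
        record = pbkdf2_record(password)
    return True, record
```

The upgrade only protects records written after it runs, which is why a forced master-password change and a stronger derivation function complement each other.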