Lastpass network hacked - Change your master passwords

http://www.theregister.co.uk/2015/06/15/lastpass_data_breach/

Just thought I'd throw this into this section, know there's a few of us who use it. I'm not overly worried personally although I'll obviously change my master password.

At times like this I wish I'd stuck with keepass but to be honest I had so many self-inflicted issues with it compared to Lastpass it's probably best if I just stay with it :p For the moment if you try to login from a new IP you'll be asked to verify it via e-mail, similar to Steamguard.
 
Came to post the same thing.

This is why I use KeePass!

Is KeePass any good, was looking at a last pass alternative, I assume it plugs into the browsers the same or is it stand alone and you just copy the details out of the database into the user/pass fields?
 
came on to post as well

Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.

Regards,
The LastPass Team
 
Is KeePass any good, was looking at a last pass alternative, I assume it plugs into the browsers the same or is it stand alone and you just copy the details out of the database into the user/pass fields?

Keepass has some browser integration tools but I don't use them. I just prefer to copy and paste what I need
 
I hope this is a one off and not "state sponsored" naming no names. They do tend to hit all similar sites at once to data mine before the security flaws are closed.

It's a good job I only have sites of little interest in my locker. everything else is put in by hand.
 
This is the official post from Lastpass - https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

They say that all the passwords are still encrypted and they have prevented anyone accessing the vault from new/unknown IPs until the master password is changed so it does sound like multi-factor security has worked.

Gotta say though...I am worried.

I have loads of things in there for a variety of different sites, it's got to the stage now where everyone uses digital for everything but there seems to be no sure fire way of protecting the accounts.

Other people have said they are glad they use different programs...why though? What makes other programs better than Lastpass? Or has Lastpass just shown how strong it is in security by being breached but still protecting user data?

I have to admit I'm not that great on understanding the processes behind security/hashed passwords and all that, so I rely on articles to explain it to me!
 
With KeePass, the db is stored locally, not on the internet.
 
Nothing to worry about as long as you use a strong master password.

OK that's a bit of a relief then!


With KeePass, the db is stored locally, not on the internet.

I can certainly see the advantages of that! I do use it on my phone as well so that would be inconvenient having it locally, also I suppose there is a risk if your computer crashes/destroyed/stolen.


I'm quite surprised this thread hasn't taken off more, thought it would have affected more people on here!
 
I have been using lastpass for a few years. I bought premium last year. It is a great service but I must admit I am a little concerned about this recent intrusion.

I have 2FA set up and a decent master password. I changed my master password to a longer one last night.

I must look into keepass, but lastpass makes things easy. I have a score of 90% on it, but will look into alternatives in the coming days and may change.

I must purchase a YubiKey as well
 
Feel silly after buying this only 3 weeks ago after keeping having to reset my passwords (keep forgetting them)

I have auth to my phone but will look at other means too.
 
Already use 2FA and my master password is 30 chars/numbers/symbols long so don't feel it needs changing. If anything, it shows how tight of a ship LastPass is running - this isn't a major issue providing your own security (i.e. master password) was strong to begin with.
 
Interested to know why everyone is panicked, the intrusion got nowhere and the protection in place was strong enough to stop the hackers from gaining any information.

They have now added further mechanisms to prevent it from happening again and been honest about it, hackers can get as far as they did just as easily with any other of these managers as long as the encryption is good enough there's nothing to worry about.
 
Keepass has some browser integration tools but I don't use them. I just prefer to copy and paste what I need

Same here, but I open it up, glance at the password and type it in.

Thanks for the info, I would type my passwords but with a different password for everything and the minimum length being 28 characters, I can remember the usual ones, those I use here and there I keep forgetting which is why I jumped to LastPass.

Will look into KeePass as I don't use the Android versions as most apps have the passwords and its services I use daily in most cases so can remember them.
 