So, we’ve got good news and bad news. Good news is that the hacking attempt against LastPass from this August didn’t result in any user data getting stolen. Yay! However, it did allow hackers to steal some knowhow, which enabled them to target a LastPass employee, through which they — well — stole user data. Boo!
Now, we’ve got to commend LastPass for remaining transparent as per its own promises and sharing the story via a blog post. While it’s easy to make a jab here, we’re also certain that the situation is difficult for them as well.
While the hackers didn’t get any live data — as in up-to-date info, which is being stored and used in real time by LastPass servers — they did get their hands on backups. Since most people aren’t in the habit of randomly changing their passwords, in most cases these backups probably, maybe contain relevant information.
Here’s a list of the types of info which is confirmed to have been retrieved:
Company and user names
Billing addresses
Emails
Mobile numbers
IP addresses
Suffice to say, in some cases, the malicious third party may have their hands on a full package of user data. No good at all. But what about usernames and passwords — the main types of data, which the company handles?
Well, those have been stolen too; however, they remain encrypted. That means that thanks to LastPass’ Zero Knowledge architecture, the culprits won’t be able to figure any of them out, until they know your master password.
What should I do to keep my LastPass account safe?
As claims stand, if you were to utilize them, the hackers would need quote-on-quote “millions of years” in order to brute force — guess, but in IT terms — your passwords with current day technology.
Another thing that you should do is remain vigilant for social engineering or phishing attempts, even if you did change your passwords. These are often emails or DMs that try to convince you to give them your login info, through making you feel pressured to share.
Recommended Stories
This is your kind reminder that no respectable company out there would ever do that. If they do, you should definitely question their respectable-ness. And a good means of questioning is by double checking.
For example, if — presumably — your bank calls and asks for your online banking information, try to postpone the call in order to call your actual, non-presumed bank, and ask them if they just called you to ask for that info. The answer will likely not be shocking.
This image is here primarily for ironic and comedic purposes, due to its text.
So given that this December is starting to feel like a rerun of last December (when LastPass users reported odd login attempts), we’ve got to ask: what is the company doing in order to prevent future mishaps? Well, they’ve been transparent regarding this too.
Honestly, they are doing the best possible thing: eliminating everything that has something to do with the stolen know-how and rebuilding a brand new system from scratch, with enhanced protection and alert mechanisms.
LastPass CEO Karim Toubba stated that as of now, there is no need to take further action. They even go as far as saying that if your current master password complies to the aforementioned best practices, you can even go on without changing it.
But, though the nature of life is such that few things remain consistent over time, one thing always does: better safe than sorry. We strongly recommend that you familiarize yourself with how to build a strong password and utilize that knowledge to its full extent.
Stan, also known as Stako, is a smartphone enthusiast who loves exploring the limits of Android customization. His journey with mobile tech began with the Nokia 5110 and evolved with devices like the BlackBerry 9350 Curve and Samsung Galaxy A4. Despite his love for Android, he holds equal respect for Apple, considering the iPhone 4s as a significant milestone in mobile tech. Stan started his writing career early, contributing to MetalWorld, and harbors a passion for creative writing. Beyond smartphones, he's interested in photography, design, composition, and gaming, often preferring solo projects to hone his objective thinking. He's also an avid student of open-source technology and consoles, with a special fondness for the Pebble Watch, Arduboy, and Playdate.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: