online password storage service LastPass report released Monday, the company’s network was hacked on Friday, the user’s email address, password and authentication information stolen by hackers in the attack. LastPass to remind users to change the account password as soon as possible and switch to other sites.
last week, LastPass discovered the attack immediately after the black part of the network on its activities, and launched an investigation. LastPass pointed out in the report, although the encrypted user database was stolen in the attack, but there is no indication that the user account was criminals login.
Lastpass is an online password manager and page filter, using strong encryption algorithms (using 256 bit AES keys), can help users save multiple website passwords, then automatically log on to the website. However, the LastPass automatically fill in the function, the password can be stored in a way to record the memory of the computer, hackers can extract the password through the memory dump.
Lastpass co-founder and CEO Joe Siegrist said to have certified Hashi (a computer algorithm of Hash function, strengthen the protection, use) and random factors in the client outside the PBKDF2-SHA256 server implementation cycle 100 thousand. This will greatly increase the difficulty of quick attack stolen hash.
this is not the first time Lastpass was hacked, as early as in 2011, Lastpass was also part of the hacker attacks caused by encrypted data leakage. LastPass quickly locked all accounts to prevent unauthorized access, and notify the user via email to confirm the e-mail and change the stronger master password to re enable the account to ensure data security. A lot of changes to the master password operation also led to LastPass server crashes. In 2013, Lastpass has been blasting a security vulnerability, allowing the attacker to obtain the stored LastPass password. However, the vulnerability only affects users using IE browser, and LastPass quickly patched the vulnerability.
at present, it is not clear how many users affected in the attack. LastPass to remind users to change the account password as soon as possible and switch to other sites, in addition, if the user is using a new device or a new IP address login, it is best to log in through the message authentication.