When data and security specialists admit to a data breach, we have more proof that there are plenty of inspired hackers out there. LastPass, an online password manager and form filler, detected an anomaly in its traffic and, unable to attribute a cause to it, has decided to responsibly assume that its database has been compromised. It has urged people to change their master passwords, but assures them that only a small portion of its users may have been affected.
LastPass makes it hard to break its password encryption, employing methods to ‘salt’ its data, that is, to encrypt passwords with random keys before hashing them. However, looking at the size of the data that left the system, LastPass admits that it could very well include email addresses, salted password hashes and the server salts. The encrypted data blob apparently only accounts for a small percentage of LastPass users, on the order of tens of users in millions.
With millions of users trusting their many different passwords to LastPass, a surge of traffic greeted the news for a while after it broke yesterday, nearly crippling the servers. To be sure, LastPass has always advised users to maintain strong passwords, as well as a strong LastPass master password, the only one they'd need to remember, to access them all. As long as they have done so, even the affected few would be safe in the period it took for them to change their master password, with non-dictionary passwords pretty much immune to brute-force attacks.