The online password vault service LastPass announced that it suffered a cyber-attack yesterday and was the victim of a serious data breach. An investigation has revealed that no encrypted user vault data was taken (users' master password) and no user accounts were accessed. However, a lot was stolen: LastPass account email addresses, password reminders, hashed user passwords and cryptographic salts. Although your master password may not be immediately at risk, there is still a significant risk that, given time, your password may be cracked and your account accessed. At the very least, the hackers now have a lot of your personal information, which will only be used with malicious intentions.
LastPass also suffered a similar attack in 2011, where more details about users were accessed. These hacks show how vulnerable password vaults can be and how susceptible they are to external threats. If your business uses a password vault service, then you need to move to a more secure system of password and identity management.
Marc Juffkins, Operations Director at Riverbank IT Management, says, “We have banned the use of password vaults within Riverbank. We are also in the process of implementing enterprise-level identity management for our clients using Okta. This adds an extra layer of security – users won’t even know the passwords for the systems they are given access to at work.”
For more information on the alternative to password vaults, or if you would like more information on how Riverbank can protect your business, contact us on 01235 823 130 or email firstname.lastname@example.org.
More information on the latest hack at: https://blog.lastpass.com/2015/06/lastpass-security-notice.html/.
Details of previous security hacks, including the previous attack on LastPass, are at https://www.okta.com/blog/2011/11/millions-of-gamers-have-their-data-stolen%E2%80%A6again/