LastPass Breached - Change Your Master Password Now

  • Thread starter Deleted member 2913
Status
Not open for further replies.

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Some good defence options without 2FA.

Under Security, IP-based Country Restrictions



Under Security, disable the use on Tor Networks


Under Privacy, keep track of login patterns.
 


FreddyFreeloader

Level 32
Verified
Top Poster
Well-known
Jul 23, 2013
2,115
YIKES!
Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.

Regards,
The LastPass Team
 

FreddyFreeloader

Level 32
Verified
Top Poster
Well-known
Jul 23, 2013
2,115
I had to try a few times before it allowed me to; keep trying, I think they are a bit busy. ;)
Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement.

Please be patient while we try to respond to your questions and issues as quickly as possible.
Anticipated wait times for non-critical issues are currently 3 days for Premium and over 5 days for free users.
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement.

Please be patient while we try to respond to your questions and issues as quickly as possible.
Anticipated wait times for non-critical issues are currently 3 days for Premium and over 5 days for free users.
They must be getting busier; I got in fairly early after it happened.
 

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
YIKES!
Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.

Regards,
The LastPass Team
They sent this to all LastPass users I think! No reason to panic!
 

FreddyFreeloader

Level 32
Verified
Top Poster
Well-known
Jul 23, 2013
2,115
March 2015 is when I made the move to KeePass from LastPass Premium after I felt that such a service would always be a target and it's only a matter of time, either it be black hat patience, fundamental weaknesses or a dirty insider job.

Regardless, I don't like the risk factor and in spite of all spouted protection they tell us that your passwords are secure, in the end you just have to take their word for it, don't you? And hope the worst doesn't happen.

Pessimism has never served me wrong.

http://keepass.info | http://keepass.info/help/base/security.html

https://chrome.google.com/webstore/detail/ompiailgknfdndiefoaoiligalphfdae
(Extension allowing Google Chrome to form-fill passwords stored in KeePass.)

http://keefox.org/
(Extension allowing Firefox based browsers to form-fill passwords stored in KeePass.)

All plugins for KeePass: http://keepass.info/plugins.html

If you're going to continue using LastPass, think of enabling Two-factor verification - A little extra hassle for that proper peace of mind.

https://helpdesk.lastpass.com/multifactor-authentication-options/
Just about anything stored in the "Cloud" can be hacked by governments, IT professors, former (and present) KGB/CIA/FBI types. Only plus is use across multiple platforms. Only reason I'm staying with LastPass is because it's a real pain to switch. If this happens again I think LastPass is out of business.
I know they say they don't have your master password - but how then does their app know it's you and let you log in to your account?
 

R083R7

New Member
Jun 5, 2015
4
Someone pointed out on a website that since e-mail addresses were exposed, that now the hacker(s) most likely know your address is valid and that people should change the e-mail associated with their LastPass account. Is this true, and what would happen if you decided you didn't want to change the e-mail you signed up with?
 

illumination

Thread author
Someone pointed out on a website that since e-mail addresses were exposed, that now the hacker(s) most likely know your address is valid and that people should change the e-mail associated with their LastPass account. Is this true, and what would happen if you decided you didn't want to change the e-mail you signed up with?
Having your email address, but no email password = they cannot access it. Unless they were to have all of your personal info, and verification email addresses, I would not trip too hard. I did not change mine, as I'm not going to every time there's a chance someone could obtain it, especially when a user gives their email address to sites all day long on their system. The hackers only obtained just enough information, to fill some space, but nothing useful.

I see people post that offline ("meaning on their system") password managers are better. This is of course if you believe your system is completely spotless, as there is always that chance as well. When you fill out an online form, those webpages are not always encrypted ("secured"); chances are someone can intercept that. Just signing into MalwareTips, not being encrypted, someone could intercept your email address. Should I go on?
For those that think any way they turn is a trap, too much paranoia is not a healthy thing.
 