{"id":576,"date":"2015-06-16T14:33:52","date_gmt":"2015-06-16T18:33:52","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=576"},"modified":"2015-06-16T14:33:52","modified_gmt":"2015-06-16T18:33:52","slug":"the-lastpass-security-breach-how-bad-is-it","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/","title":{"rendered":"The LastPass Security Breach: How Bad Is It?"},"content":{"rendered":"<p><a href=\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-577\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg\" alt=\"lastPassHacked\" width=\"600\" height=\"300\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg 600w, https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked-300x150.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>By Damien Hugoo, Product Manager, <a href=\"https:\/\/easysol.net\" target=\"_blank\">Easy Solutions<\/a><\/p>\n<p>Last night, password management company LastPass notified users in a blog <strong><a href=\"https:\/\/blog.lastpass.com\/2015\/06\/lastpass-security-notice.html\/\">post<\/a> <\/strong>that it had been the target of a hack that accessed users\u2019 email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords.<\/p>\n<p>In general, we are not a fan of password management tools. While they provide convenience, a central repository of any sensitive data is always going to garner greater attention from hackers. In some ways, it might even be better to store this sort of encrypted password data locally on a piece of paper in your office. After all, these sophisticated hackers are more likely to be in China or Russia than they are in the cubicle down the hall from you.<\/p>\n<p>But the good news about this story is that the hashes stolen were very well encrypted. The company noted that it has cryptographic protections in place on those master passwords, including \u201chashing\u201d and \u201csalting\u201d functions designed to make cracking the underlying passwords nearly impossible. This should be enough to protect almost all of its users. Those who have not practiced proper password hygiene to date (i.e. using simple passwords or ones reused from other sites) may still be vulnerable.<\/p>\n<p>In addition, LastPass offers two-factor authentication on their services, which will help minimize the impact of that breach. This serves as a good reminder that multi-factor authentication is an effective approach to minimize impact of breach on end-users. Is it inconvenient? Yes. But security is always on the other side of the see-saw from convenience and usability. Users should embrace this option, and even demand that their cloud providers \u201cforce two-factor authentication upon them\u201d. That way, even if (or more realistically when) their passwords are stolen, the underlying account cannot be compromised.<\/p>\n<p><em>Damien <\/em>Hugoo<em> is a technology professional with 10 years of experience in creating, building and deploying digital software products for the financial services industry. Today, Damien serves as the product manager at <a href=\"https:\/\/easysol.net\" target=\"_blank\">Easy Solutions<\/a>, where he plays a key role in the creation of innovative and comprehensive fraud prevention and detection solutions.<\/em><\/p>\n<p>This post originally appeared on <a href=\"https:\/\/newblog.easysol.net\/lastpass-hack\/\" target=\"_blank\">Easy Solutions&#8217; blog.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; By Damien Hugoo, Product Manager, Easy Solutions Last night, password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users\u2019 email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords. In general, we [&hellip;]<\/p>\n","protected":false},"author":24,"featured_media":577,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6],"tags":[105,107,106,104],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The LastPass Security Breach: How Bad Is It?<\/title>\n<meta name=\"description\" content=\"Last night, LastPass announced critical user info had been hacked. Emails, reminders and hashes were taken, but the damage may not be as bad as it seems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Edwards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/\",\"name\":\"The LastPass Security Breach: How Bad Is It?\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg\",\"datePublished\":\"2015-06-16T18:33:52+00:00\",\"dateModified\":\"2015-06-16T18:33:52+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\"},\"description\":\"Last night, LastPass announced critical user info had been hacked. Emails, reminders and hashes were taken, but the damage may not be as bad as it seems.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg\",\"width\":600,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The LastPass Security Breach: How Bad Is It?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\",\"name\":\"Jeff Edwards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"caption\":\"Jeff Edwards\"},\"description\":\"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.\",\"sameAs\":[\"https:\/\/solutionsreview.com\",\"https:\/\/x.com\/InfoSec_Review\"],\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The LastPass Security Breach: How Bad Is It?","description":"Last night, LastPass announced critical user info had been hacked. Emails, reminders and hashes were taken, but the damage may not be as bad as it seems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/","twitter_misc":{"Written by":"Jeff Edwards","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/","url":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/","name":"The LastPass Security Breach: How Bad Is It?","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg","datePublished":"2015-06-16T18:33:52+00:00","dateModified":"2015-06-16T18:33:52+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6"},"description":"Last night, LastPass announced critical user info had been hacked. Emails, reminders and hashes were taken, but the damage may not be as bad as it seems.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/06\/lastPassHacked.jpg","width":600,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"The LastPass Security Breach: How Bad Is It?"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6","name":"Jeff Edwards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","caption":"Jeff Edwards"},"description":"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.","sameAs":["https:\/\/solutionsreview.com","https:\/\/x.com\/InfoSec_Review"],"url":"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/576"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=576"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/576\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/577"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}