- Associated Press - Monday, June 15, 2015

SAN FRANCISCO (AP) - A popular web service that promises to help people keep their passwords secure has reported hackers may have obtained some user information - although not actual passwords - from its network.

Security experts say it’s just another indication that any online information is subject to attack.

LastPass, which makes a program that stores multiple passwords in encrypted form, warned Monday that it had detected “suspicious activity” on its own computer system, which led to the discovery that some users’ email addresses, password reminders and encryption elements were compromised. The company said it had blocked the attack and its investigation found no evidence that individual passwords or user accounts were breached.

The Fairfax, Virginia, company is advising users to change their LastPass master passwords, which are used to retrieve encrypted individual passwords for the users’ other online services or accounts. But it said they don’t need to change individual passwords for all their accounts. It’s also taking steps to verify the accounts of users who log in from a device or router they have not used before.

“We are confident that our encryption measures are sufficient to protect the vast majority of users,” CEO Joe Siegrist said in a blog post, while apologizing to users for the inconvenience of changing their passwords.

When users are signed into their LastPass account, its software then automatically enters the appropriate password for each service or website as required. Many security experts recommend using password managers, like LastPass and other similar services, because they make it easier to have a different, hard-to-crack password for each online account, without having to remember each one.

Several experts praised LastPass for disclosing the apparent breach and said users shouldn’t be overly alarmed. But they agreed that users should change their master passwords and refrain from clicking on links in emails that claim to be from LastPass.

Copyright © 2019 The Washington Times, LLC.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide