Today LastPass, the online password storage website, announced that they detected a security breach on their network last Friday. They further state that there was no evidence that encrypted user vaults, which contain the passwords, were taken or that user accounts were accessed. Unfortunately, account email addresses, password reminders, and authentication hashes were accessible to the hackers. Even though LastPass states the authentication hashes are secured with thousands of rounds of SHA256 encryption, they are asking users to verify their accounts again and update their master password.
It may be true that users’ passwords are secure, but the data that was accessible still poses a major security threat. Criminals can use this information to build targeted phishing campaigns that trick people into entering their master passwords or other sensitive information, giving the attackers further access to a victim’s LastPass account.
Sadly, LastPass decided not to immediately send emails to all impacted users and only posted the announcement today, three days after the security breach. There are already numerous comments from LastPass users on the announcement page about how they feel LastPass did a poor job handling the situation and notifying their customers.