Nobody on earth is safe from hacking. Recently the US Army website (army.mil) and a US government agency were hacked. On Monday, LastPass, a password-storing company, announced that hackers broke into its computer system and got access to user email addresses, password reminders and encrypted versions of people’s master passwords, reports CNN Money.
LastPass said it discovered the digital break-in on Friday. It’s still very early in its investigation, but if the company is right, hackers didn’t manage to grab plain-text versions of the all-powerful master passwords. Still, hackers grabbed encoded versions of people’s passwords. If your master password is simple and common, like Password123, these hackers can crack it in no time. Hackers can also easily rent computer servers and use that computing power to decipher all the others.
“Attackers seem to have all they need to start brute-forcing master passwords,” said Tod Beardsley, a research manager at cybersecurity firm Rapid7.
Hackers also grabbed user password reminders. So, you’re out of luck if your question is something like, “Where were you born?” Anyone can figure that out using public records or social media accounts. The potential damage here? Identity thieves might suddenly have access to important information such as email accounts, social media, banks, hospital records — everything.
Cybersecurity experts reacted strongly to the news. For months, many of them have touted LastPass and similar services as an elegant solution to one of today’s annoying problems: keeping track of multiple passwords. Reusing the same password everywhere is reckless, and remembering dozens is annoying. This third option relies entirely on trusting a company to protect them.
“The recommended standard best practice is to use a password manager. It’s the best way to deal with the tragedy of passwords,” said Jon Oberheide, an executive at cybersecurity firm Duo Security. Oberheide said he uses a password manager himself. There’s a caveat, though. Oberheide doesn’t use it for his critical accounts like Gmail or online banking.
In a blog post, LastPass urged users to quickly change their master passwords. And as every hacked company does, it assured users “security and privacy are our top concerns here at LastPass.”
David Longenecker, an independent cybersecurity expert in Texas, complained that LastPass published a public blog post about the incident before warning its users to change their passwords. “I would have preferred getting the PSA to change password from you, versus through the grapevine,” he wrote publicly to the company.
In this latest password database theft, the only people who are protected are those who set up an extra security feature: two-step authentication, which requires a text message as a second passcode.