LastPass hacked: cybersecurity and password firm loses passwords in attack
Email addresses, password reminders and passwords themselves were compromised in the hack
LastPass, a cybersecurity and password firm that aims to help people keep their logins safe, has been hacked and had users’ data compromised.
The service is one of many that aim to help people keep passwords safe by keeping them all in one place — users remember one master password, and software generates safe, unique ones for each website a person visits.
But hackers have broken into the company’s network and stolen those master passwords and other login details, potentially exposing all of the data that has been stored with passwords generated from the service. The passwords that have been stolen are hashed, meaning that they are encrypted and the hackers will have to break that encryption to actually read them.
In a blog post announcing the breach, the company says that it is “confident” that the encryption measures it uses “are sufficient to protect the vast majority of users”. As such, the company doesn’t recommend changing the passwords on the accounts used with LastPass, but does recommend changing passwords on the service.
Users will be sent emails telling them about the breach and will be prompted to reset the master password. The service also encourages resetting the password on any site where the master password had been used.
Password managers like LastPass advertise themselves as being much safer than alternatives. Rather than people needing to remember individual passwords — and therefore choosing easy-to-guess ones, like 123456, or writing them in obvious places — they can just remember one and the manager will generate much more secure ones for other sites.
But it does mean trusting one site to store password information for all logins on the internet. LastPass encrypts all of the information it stores to ensure that it is kept secure.