LastPass Just Got Hacked: Change Your Passwords As Soon As You Can
On Monday, June 15, LastPass users have been asked to update (at least) their Master Password as the password-management service admitted a security breach.
"We want to notify our community that on Friday [June 12], our team discovered and blocked suspicious activity on our network," a post published on Monday on the LastPass blog states. "In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed."
LastPass Hack: What Happened? The popular service admitted that the hackers may have gained access to data such as the email addresses and password reminders, and so it advises all the users to log into the platform and update their data. "The investigation has shown that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised," LastPass CEO Joe Siegrist explains.
The company assured that they are taking additional measures "to ensure that users' data remains secure," and has also introduced a new procedure for those who will access their account from a new device or IP address.
LastPass Hack: New Security Measures. "We are requiring that all users who are logging in from a new device or IP address first verify their account by email unless you have multi-factor authentication enabled. As an added precaution, we will also be prompting users to update their master password."
Talking to SecurityWeek.com, Rapid7 Security Engineering Manager Tod Beardsley explained that the hack may now lead to a wave of phishing campaigns that all LastPass users should be aware of. "The fact that the attackers are now armed with a list of LastPass users by e-mail means that we may see some targeted phishing campaigns, presenting users with fake "Update your LastPass master password" links," Beardsley explained. "So, while further direct communication from LastPass to their users about this breach should be welcome, it should be treated with suspicion if there are any embedded links and calls to action."
What does this mean for online gambling?
Although LastPass is not directly connected to online gambling, it's no mystery that the company counts many online players among its users. Considered to be one of the most reliable password managers on the Internet, LastPass has an impressive user base that counts 3.499.615 users of its Chrome extension, 331.375 users of its Firefox add-on, and well more than 2,000,000 users of its mobile apps.
With so many no download casinos out there, and so many rooms that require their players to log into their sites to open an account or to make a deposit, services like LastPass are often regarded as great shortcuts to make sure everything goes smooth and fast.
LastPass Hack: What To Do If you have ever used LastPass, here's what you should do:
- Head to LastPass.com
- Log in to your account
- Click on ‘Account Settings' in the left-hand side menu
- Click on ‘Change Master Password'
- Update your Master Password
By doing so, you will make sure that no one will get access to your data and that all the passwords and usernames you have saved in LastPass are secure.
You should keep in mind that you should never use your LastPass Master Password on any other site to minimize the risk of unwanted access to your LastPass account. Ideally, your Master Password should be at least 12-character long, and include letters, symbols, and numbers. Researchers from Georgia Tech estimated that cracking a 12-character long password with words, numbers, and symbols can take approximately 17,134 years.
LastPass Hack: How to Close My LastPass Account
Monday's episode is the second security breach that LastPass suffers since its launch in August 2008. The first LastPass hack happened in 2010 when the company noticed that an anomaly in their incoming and outgoing traffic was the result of an attack on the platform. Also in 2010, LastPass explained that the hackers did not gain access to any of the passwords stored in the service but only to the email addresses of their users.
However, if two LastPass hacks in five years are too many for you, here's a useful tutorial on how to close your LastPass account.
Step 1: Log in to your account - Head to LastPass.com and log into your account with your regular email and password.
Step 2: Access your account settings - Click on 'Account Settings' in the left-hand side menu
Step 3: Access your account info - Click on 'My Account'
Step 4: Delete your account - As a new tab opens in your browser, click on 'Delete Account' as shown in the picture to complete the procedure and remove your data from LastPass.
LastPass Hack: How to Create The Perfect Password
If you are not sure about your next Master Password, or you simply need some help to create a hack-proof one, here's an useful infographic with everything you need to know to create the perfect password for your gambling accounts!