![]() ![]() The company also said, “We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. We are confident that our encryption measures are sufficient to protect the vast majority of users. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In a blog post, LastPass gave some limited details about what happened: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |