
Hackers have been talking about LastPass security problems for years

Jun 17, 2015, 21:57 IST

On Monday the popular password manager app LastPass admitted to being hacked. After the initial announcement, the company assured its customers that their master password data was not exposed, and it's likely that most user passwords are still safe.

But it turns out this hack may have happened years ago, and that LastPass has been a known target for hackers. A security researcher told Business Insider that the announcement did not come as a shock. According to the digital security company SecurityScorecard's chief research officer Alex Heid, his team has seen inferences of leaked LastPass data since 2013.

According to Heid, SecurityScorecard found a submission on the anonymous posting site Pastebin in 2013 detailing "a list of SQL injection vulnerable websites." An SQL injection is a hacking technique to attack digital applications that store data.

Heid described this list as "websites that were vulnerable and could have a database taken." LastPass was indeed included in this list, meaning that hackers and/or researchers had found a vulnerability in its code two years ago.

Given this discovery, Heid and his team think it's highly likely that LastPass was exploited some time ago, and that the hackers have ever since been "sitting on the data."

The real take-home, however, isn't necessarily that LastPass has been targeted for years now, said Heid. Instead, it's that offering a supposedly secure service that stores private keys on public clouds is a "counter intuitive idea."

"It doesn't make much sense because of course it's going to get hacked," he said. He (along with many other experts) recommends that people use a password manager solution that allows them to store their private key information locally.
