+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

This week's biggest hack probably wasn't a problem for most people

Jun 17, 2015, 00:48 IST

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014.REUTERS/Mal Langsdon

If you are a LastPass user who has been freaking out over the recent breach, take heed. All of your passwords are likely still safe.

Advertisement

LastPass is one of the most popular apps people use to manage their passwords. You only have to remember one password, and the LastPass app can fill in the proper login information for various sites and services. The breach, which the company announced on Monday, consisted of password reminder hints, user emails and other information being stolen.

While this sound scary, it's important to understand how LastPass works, said Joe Loomis, CEO of the security company CyberSponse.

Because the hackers were only available to really retrieve reminders and emails, there's not a lot of damage they can do because they still no access to your master password and thus your account, Loomis said.

"It's kind of a half-breach, because all they did was get emails and reminders, which is on the front-end," he said. "They got into the bank, but not into the vault. They got into the lobby and the customer service center, but they didn't get any of their money."

Advertisement

LastPass users have one master password that gives them access to their account where passwords for other sites are stored. The master password is secured with a high level of encryption and was not exposed in the breach. Passwords stored in the system were also not compromised.

And because LastPass doesn't enable a password reset in case you forget your master password, there's no way for the bad guys to change it to access all of your stored passwords, Loomis said.

"It really didn't pose any kind of risk to anybody because you can't reset your LastPass password, that is what makes the system so strong," Loomis said. "The only way a reminder becomes valuable is if someone put in the name of their pet or something."

In other words, unless you used an insanely easy-to-guess master password with a hint that gave it away, you are probably in the clear.

Regardless, though, LastPass is still prompting all users to change their password as an extra precaution.

Advertisement

"We decided to prompt users to change passwords to account for individuals that may have very weak master passwords," a LastPass spokesperson told Business Insider.

To add an extra layer of security going forward, Loomis said that users should also enable multi-factor authentication for the password manager. This is an extra way to verify your identity when accessing accounts. It typically means you will have to enter a code sent to your mobile device in addition to your username and password for account access.

LastPass also cautions users to be wary of phishing emails that might ask for the master password for your account or your email address.

NOW WATCH: How To Make Sure You Never Forget Your Passwords Again

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article