Password service warns users to change their, yep, passwords
In this June 1, 2015 photo, Japan Pension Service President Toichiro Mizushima, left, bows in apology for the leak of personal information on pension subscribers during a press conference at Health, Labor and Welfare Ministry in Tokyo. The latest attacks targeting the national pension service are thought to have stolen about 1.25 million names, including some 700,000 passwords. Such thefts are adding to concerns as the country gears up to introduce a national identification number system in 2016 that would create more online links to personal data. Wealthy nations face a high and fast-growing threat of cyberattacks while risks from terrorism increasingly are confined to poorer, conflict-stricken countries, according to a defense outlook report by the consultancy Deloitte. AP
SAN FRANCISCO, United States — A popular web service that promises to help people keep their passwords secure has reported hackers may have obtained some user information — although not actual passwords — from its network.
Security experts say it’s just another indication that any online information is subject to attack.
LastPass, which makes a program that stores multiple passwords in encrypted form, warned Monday that it had detected “suspicious activity” on its own computer system, which led to the discovery that some users’ email addresses, password reminders and encryption elements were compromised. The company said it had blocked the attack and its investigation found no evidence that individual passwords or user accounts were breached.
‘Vast majority protected’
The Fairfax, Virginia, company is advising users to change their LastPass master passwords, which are used to retrieve encrypted individual passwords for the users’ other online services or accounts. But it said they don’t need to change individual passwords for all their accounts. It’s also taking steps to verify the accounts of users who log in from a device or router they have not used before.
“We are confident that our encryption measures are sufficient to protect the vast majority of users,” CEO Joe Siegrist said in a blog post, while apologizing to users for the inconvenience of changing their passwords.
When users are signed into their LastPass account, its software then automatically enters the appropriate password for each service or website as required. Many security experts recommend using password managers, like LastPass and other similar services, because they make it easier to have a different, hard-to-crack password for each online account, without having to remember each one.
Several experts praised LastPass for disclosing the apparent breach and said users shouldn’t be overly alarmed. But they agreed that users should change their master passwords and refrain from clicking on links in emails that claim to be from LastPass.
