LastPass Security Notice

Update: July 10, 2015 @ 8:00 PM EST

Thank you for taking the time to read our posts and follow our recommended actions after the recent events. Behind-the-scenes, our response has been ongoing. As we mentioned before, we’ve engaged security experts and firms to help us, and we’re working with the authorities to take the appropriate actions.

These events have put our systems to the test, and we’re more secure as a result. Security is an ongoing back-and-forth. We make advancements, and the bad guys do, too. The work is never done here at LastPass. It’s constantly evolving, so it’s important to stay ahead of the game. And when we’re put to the test, we can point to what worked in our model, and evaluate how to secure our fortress going forward.

For example, this event has advanced our timeline for implementing Hardware Security Modules (HSMs), which are now in use. These are designed to protect the cryptographic infrastructure of LastPass. HSMs are used by some of the most security-conscious organizations in the world for managing, processing, and storing cryptographic keys. They are hardened, tamper-resistant devices. All that’s to say, we’re utilizing new, advanced technology to make our solution even more resilient and secure.

We’ve implemented dozens of other changes, large and small, to strengthen our systems and improve the service going forward. We’ve opened up a paid bug bounty program to source security improvements from the research community. We’re adding scrypt as an additional layer to strengthen the authentication hashes server-side, adding further protection against large-scale brute-force attacks.

We have also continued to expand our capacity for larger-scale events like this one. We are designing for better messaging within the service, simplifying session management, and adding more comprehensive device history, all of which help our users be more proactive and informed. Password hints are now optional, too, and a policy to disable them is being added to the LastPass Enterprise Admin Console.

We prioritized disclosing what happened and all of our actions have centered around keeping you and your data secure. Going forward, we don’t want to lose sight of the ever-growing need for password managers like LastPass. Managing strong, complicated, difficult-to-remember passwords is challenging when you also need to use a different password everywhere. For most of us, we simply can’t practice good password security without a safe tool to help. Password managers are the most efficient way to generate strong passwords for every website, remember those passwords, and backup and sync those passwords securely.

We build a service that is constantly put to the test, and improves as cybersecurity threats change. And we never stop advancing our systems as new technology comes available. All of our resources are invested in building a secure service and putting it to the test, so that together we can keep our identities and our data safe.

Joe Siegrist
& the LastPass Team


Update: June 16, 2015 @ 4:10 PM EST

We appreciate the patience and support from our community after yesterday’s announcement. As expected, we work tirelessly to make sure that your data is safe. That’s why we quickly detected, contained, evaluated the scope of the incident, and secured all user accounts. We want to assure our users that our cyberattack response worked as designed.

We’ve received many questions so we want to take a moment and provide additional clarification:

Was my master password exposed?
No. The master password itself never leaves your computer, so LastPass never has access to it; only a derived authentication hash is sent. We use encryption and hashing algorithms of the highest standard to protect user data. We hash both the username and master password on the user’s computer with 5,000 rounds of PBKDF2-SHA256, a password strengthening algorithm. That creates a key, on which we perform another round of hashing, to generate the master password authentication hash. That is sent to the LastPass server so that we can perform an authentication check as the user is logging in. We then take that value, and use a salt (a random string per user) and do another 100,000 rounds of hashing, and compare that to what is in our database. In layman’s terms: every guess at a master password costs an attacker all of those rounds of hashing, so cracking the stolen hashes is extremely slow, even for the strongest of computers.

Am I at risk if I have a weak master password?
An attacker could try to guess your master password, then use your per-user salt and authentication hash to determine if their guess was correct. Typically, an attacker would try a list of commonly-used passwords or dictionary words (such as 12345678, password1, mustang, robert42, iloveyou). They would have to do this for you specifically, since your “per-user” salt is unique to your account, so one pass over a wordlist cannot be reused against every account at once. Because your password is hashed thousands of times locally, and this hashed value is again hashed 100,000 times before being stored server-side, guesses will be very slow. If your master password is weak, or if your password reminder makes it easy to guess, then the attacker could significantly reduce the number of attempts needed to guess it correctly. Then the attacker would have your master password, but not your data, since your data vault was not exposed. If the attacker attempted to get access to your data by using these credentials to log into your LastPass account, they’d be stopped by a notification asking them to first verify their email address. We require this security measure for any attempt to access your vault from a new device/location, unless you have multifactor authentication enabled.

Were passwords or other data stored in my vault exposed?
No, your data is safe. Encrypted user vaults were not compromised, so no data stored in your vault is at risk (including form fill profiles, secure notes, site usernames and passwords). However if you used your master password for any other website, we do advise changing it – on LastPass as well as on the other websites. Note that you should never reuse passwords – especially your LastPass master password!

What should I do now?
Our security and processes worked as designed, and customer data was, and is, protected. Because we are requiring verification for any new IP address or device, your account is secure. You will be prompted to update your master password when you login. Not all users will see the prompt immediately, but your account is safe and you can update when prompted. For added security going forward, we recommend enabling multifactor authentication. Also, be wary of phishing emails asking you to disclose your master password, payment information, or any other personal information. Never, ever disclose your master password or any confidential information, even to someone claiming to work for LastPass.

Why did I hear about this in the media first?
Emails have been sent to all users regarding the security incident. Notifying millions of users via email takes time. Therefore, we also announced the security alert to our blog and our social accounts in real-time, and the media quickly picked up the story.

I reset my master password, but now I can’t get in!
If you forgot or mis-typed your new master password, please revert your change: https://lastpass.com/revert.php and login again with the previous master password. Then you can try another change (and be careful of typos!).

I don’t remember my old master password.
Please try password recovery: https://lastpass.com/recover.php on a browser where you’ve used LastPass before. For more information about account recovery, see: https://helpdesk.lastpass.com/account-recovery/


June 15, 2015 @ 12:28 PM EST

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server-side per-user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled.

An email is also being sent to all users regarding this security incident. We will also be prompting all users to change their master passwords. You do not need to update your master password until you see our prompt. However, if you have reused your master password on any other website, you should replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team

1,424 Comments

  • Tango Down says:

    The whole concept of LastPass is ingenious in the way it exploits dumb user incapacity to remember and handle passwords. Convincing people to store their security tokens on a third party site is genius. It is definitely one of the dark elements of the Internet. It should be unsurprising that LastPass is getting hacked. It is a centralized server full of passwords. Who would not want to hack that? We are now all aware that nobody, nobody, nobody is invulnerable because they use 25 pass 2 factor AES authentication over an X.25 network, or some s__t, no matter what Mr. CEO says.

    My advice to people with bad memories for passwords: write them down. It’s a lot more secure against network attacks than LastPass.

  • Matthias Buesing says:

    I’m a long-time LP user and love it – but honestly: I’m thinking about changing to Keepass. Terms like “…We are confident that our encryption measures are sufficient to protect the vast majority of users.” do not sound very convincing :-(

    • Zoro says:

      Well, if you choose a password like “password” and don’t enable two-factor authentication, what solutions are out there to protect? I guess nothing can protect you.

  • Zoro says:

    > Cracking our algorithms is extremely difficult, even for the strongest of computers.

    How many years would it take to be cracked using a super computer or a massive array of GPU compute systems?

    Thanks,
    Zoro