Despite the LastPass hack, cybersecurity experts say to stick with password managers

Boston cybersecurity company LastPass, which makes a popular password management app, said it was hacked but that no customer information was stolen.

LastPass, which is being spun off from software company GoTo, said the attackers stole some of the system’s source code and other technical information.

More than 33 million people and over 100,000 businesses use LastPass apps to store their login information. In theory, password manager apps help people improve security by maintaining hard-to-guess passwords without reusing the same password for multiple sites.

The hacking attack did not reach any of its customers’ stored passwords or other information, LastPass said, although the investigation is ongoing. “After launching an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults,” the company wrote in a blog post.

The incident follows dozens of high-profile hacking attacks against other companies that have resulted in the theft of personal information about consumers and worse. Last year, Chinese hackers penetrated Microsoft’s Exchange email servers and gained access to millions of messages. And a December ransomware attack on Ultimate Kronos Group destroyed offline payroll and scheduling software used by thousands of businesses, government agencies and nonprofits.

LastPass does not recommend that customers change passwords or take any other action. The company said it stores all customer data in encrypted form that it cannot decode, providing an extra layer of security.

Security experts said it still makes sense to use a password manager app.

“They’re a far better option than reusing old passwords,” said Northeastern University professor and cybersecurity expert Ryan Ellis. “Like anything, they’re not perfect. But in an age where each of us has more accounts – and more passwords – than they can count, password managers are an essential tool.”

Bruce Schneier, head of security architecture at Boston-based Inrupt and author of numerous books on cybersecurity, was even more blunt. “A friend of mine got sick from a bad clam the other week, and in light of that, I’m wondering if it’s still safe to eat,” he joked. “But I understand the concern.”

Still, consumers can go beyond just using a password manager if they’re worried about the hack, said Kevin Powers, director of cybersecurity policy and management at Boston College. He recommended using a multi-factor authentication app in combination with a password manager.

“You’re never 100 percent sure, but you can reduce your risk by following some simple best practices,” he said.


Aaron Pressman can be reached at [email protected]. Follow him on Twitter @ampressman.
