SoylentNews

darkfeline [soylentnews.org] writes:

http://arstechnica.com/security/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/ [arstechnica.com]

The unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses. Ultimately, it means that the attackers did not get the passwords stored by LastPass, only the password hashes used for authenticating with LastPass. Thus, so long as users change their passwords before their hashes are cracked, they are safe. LastPass has properly salted and hashed their password, so cracking the leaked hashes is not trivial.

Original Submission