Hackers broke into LastPass, a password manager owned by LogMeIn, and gained access to “encrypted user vaults.” The news, first reported by Motherboard, comes just two days after parent company LogMeIn announced it would be acquiring password manager Meldium.
LastPass has confirmed the breach, saying that it learned about the intrusion on Friday evening.
“We want to be clear that LastPass account information — passwords, email addresses, server per user salts, and LastPass account hashes — were not compromised,” the company wrote in a blog post. “The attackers were, however, able to gain access to LastPass’ systems, including our internal network, server, and source code. We are still investigating the extent of the attack, but we believe that our encryption measures held up and your data remains secure.”
The company says it has patched the hole and is now “actively revoking all affected user’s sessions.” It’s also resetting all LastPass account emails, as well as any “server-side data we believe may have been compromised such as user salt and password reminders.”
LastPass is urging all users to enable two-factor authentication if they haven’t already, and says it will be “providing an optional service to migrate your encrypted data to a new Vault.”
This is a developing story, and we’ll update it as we learn more.
In a blog post published late yesterday, LastPass parent company LogMeIn announced that “an unauthorized party” had gained access to a database that included LastPass user email addresses, password reminders, server per user salts, and encrypted master passwords.
In response to the intrusion, LastPass says it has invalidated all LastPass account email addresses and password reminders, and that it will be requiring all users to update their master passwords the next time they log in. The company is also urging users to enable two-factor authentication on their accounts.
LogMeIn says it is still investigating the matter and has informed law enforcement of the incident.
This is a developing story, and we will update this post as we learn more.
Correction: This story originally said LogMeIn was resetting LastPass username and password information in addition to the company’s internal security. In fact, LastPass account passwords were never compromised. The story has been updated with the correct information.
Daily Crunch: Hackers pinched LastPass customers’ encrypted password vaults, parent company admits
The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories.
1. Hackers pinch LastPass customers’ encrypted password vaults, parent company admits
Earlier this week, news broke that LastPass had been hacked. Now, the company has announced that Dashlane, 1Password and other password managers had their user data compromised in the same attack. The company is urging users to change their master passwords and enable two-factor authentication.
2. Facebook finally cuts ties with Huawei
Following the U.S. government’s blacklisting of Huawei, Facebook has stopped pre-installing its apps on Huawei’s smartphones. What’s not clear is whether current owners of Huawei devices will still be able to use Facebook’s apps.
3. Amazon is shutting down its restaurant delivery service in the US
Amazon is shutting down its restaurant delivery service in the U.S., just over two years after it launched. The company says it will now focus on grocery delivery through its Prime Now and Amazon Fresh services.
4. SiriusXM is buying podcasting company Stitcher from E.W. Scripps for $325 million
SiriusXM is acquiring Stitcher, a leading podcasting company known for its popular podcast app and offerings like “Freakonomics Radio,” from Scripps for $325 million. The company says the acquisition will make it the “largest audio network in the U.S.”
5. Roblox is reportedly raising $150 million at a $3 billion valuation
Roblox, a gaming platform with millions of monthly active users, is raising a new round of funding from investors that could value the company at $3 billion or higher. The funding comes as the company is seeing a surge in popularity thanks to a new generation of gamers.