![]() ![]() She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. If implementing privacy and security measures are not at the top of your priority list, you might consider placing them there now. So if you aren’t the most sophisticated company, and you haven’t suffered a security compromise, you either don’t know that it has already happened or it will. The lesson here is that even companies with the most sophisticated security measures are vulnerable to attack and compromise. Nonetheless, LastPass is requiring that customers change their master password, and further recommending that it be changed if it has been used for any other website. Further, LastPass confirmed that the encrypted user vaults were not compromised, so no data stored in customers’ vaults were at risk. LastPass uses encryption and hashing algorithms for both the username and master password. The first FAQ “Was my master password exposed?” was answered with a firm “No.” LastPass explained that LastPass never has access to a customer’s master password, and therefore, the hackers did not get access to it either. LastPass posted FAQs on its website on June 16th in response to a flurry of questions. According to LastPass, it “quickly detected, contained, evaluated the scope of the incident, and secured all user accounts.” On June 15, 2015, LastPass, a company offering a product for customers to centrally manage their passwords with a single password, disclosed on its blog that intruders had broken into its system and absconded with users’ email addresses, password reminders, server per user salts and authentication hashes. But what happens when the password management system gets hacked? That’s why password management products have entered the marketplace-to help us manage our passwords. A good security practice is to use different and complex passwords across different platforms, but it is so hard to keep track of all of them. The attack was detected, but investigations into the incident have shown that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.We know it’s hard to keep track of passwords. ![]() Last Friday someone attacked LastPass and compromised their network. ![]() But depending on the password manager and how you use it, this risk is acceptable. However, online password managers like LastPass come with some risk, the biggest being that all of your passwords are stored in one location. Password managers are a good idea, and a great way to securely create and store passwords. LastPass is a password manager, one of several available online. However, before you panic, there are some things you should know, including the fact that a compromise like this was bound to happen sooner or later – but be glad that LastPass informed you, as such knowledge can keep you protected in this case. On Monday, LastPass informed customers about an attack that took place on Friday, which compromised password data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |