Home
Internet
Internet News
Last Manager Acknowledges Breach

Last Manager Acknowledges Breach z543k

By Nicole Perlroth, The New York Times | Updated: 16 June 2015 09:23 IST

ment

Last, the online manager, announced Monday in a blog post that its network was breached and that hackers made off with email addresses, reminders and encrypted master s.

Within the security community, managers have long been controversial. Some say online managers help everyday s become more secure than they would otherwise, because it makes it easier to set up complex different s for different s without having to them all. Others have been wary of managers like Last because if the manager gets breached, hackers can potentially unlock all the s managed through the service. ps5n

Joe Siegrist, the Last chief executive, said the company discovered the breach on Friday after detecting suspicious activity on its network. The company said that it found no evidence that Last s were compromised, or that hackers were able to get s' master s, or s encrypted with that .

But the data hackers did access - including email addresses and reminders - is still troubling, security experts note, in that often all hackers need to unlock an email is an email as a name plus a reminder.

Tod Beardsley, a security engineering manager at Rapid7, said that the attack gave hackers a list of Last email addresses that they could target in so-called phishing attacks, in which they send victims emails with links that try to trick s into revealing more data, like a fake "Update your Last master " email, that can be used to crack their s.

Last said it would be resetting s' master s, and advised s to turn on multifactor authentication, an added security measure which requires a second one-time , often sent to s via text message, anytime they to their s from an unrecognized machine.

The company said it was confident that its encryption measures would be enough to protect the vast majority of its s. Last strengthens the keys needed to unlock master s by forcing them to go through a large number of complicated iterations. The company appends random digits to the key, then encrypts it more than 100,000 times, which makes it difficult to break stolen hashes with cracking tools.

The attack was the second breach notification from Last. The first incident happened four years ago. The latest attempt to access the company's s was discovered on Friday, but a picture posted to Imgur, the image sharing site, of a Google security warning suggests that hackers may have found a way inside the service as long as three weeks ago.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.