It seems as though a major cybercrime comes along about once a week, at least one that gets big news coverage.
The one last week was the news about LastPass. Here's CNN's take on it: "Irony alert: Password-storing company is hacked." Yes, it does seem ironic that a company that consistently got good recommendations from techies, a company whose whole purpose is to let users store all their passwords in one convenient spot, got hacked.
But that's what happened. LastPass released a public announcement on June 15 in which they said the following:
We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
Sophos defines "salting" and "hashing" as follows:
Salting is where you add some random nonsense to the actual password text. So even if two users pick the same password, their password representations end up different. Hashing is where you scramble the salted password cryptographically and store the one-way scrambled version only.
LastPass is counting on the salt and the slow hash: with a standard computer and a brute-force program, it should take the hackers a long time to recover any one customer's original master password from the stolen hash, and the per-user salt means that work has to be repeated for every customer rather than done once for all of them. That is why LastPass is recommending that customers change their master passwords as soon as possible: a hash that is eventually cracked then reveals only a password that is no longer in use. Thinking hypothetically, though, if the hackers had also gotten the customers' encrypted vault data, the picture would be worse. The key that encrypts a vault is derived from the master password, so a stolen copy of the vault could be opened by the same kind of brute-force guessing once the master password was found, and changing the password afterward would do nothing to protect that copy, regardless of what the customers did in the meantime.
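To make the Sophos definitions above and the brute-force reasoning concrete, here is an added example (my own code, not LastPass's or Sophos's) that builds salted, hashed password records the way the announcement describes and then runs the offline guessing attack an attacker holding the leaked salts and hashes would run. The iteration count, the user names and the wordlist are all constructed for the example; the page says nothing about what LastPass actually used.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Assumed work factor for the slow hash; LastPass's real settings are not given
# on the page, this value is only illustrative.
ITERATIONS = 100_000


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> Dict[str, object]:
    """Build what a server stores: a random per-user salt plus the one-way
    PBKDF2-HMAC-SHA256 scramble of salt+password. The plaintext is never kept."""
    if salt is None:
        salt = secrets.token_bytes(16)  # "random nonsense" added to the password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify(record: Dict[str, object], candidate: str) -> bool:
    """Re-run the same salted hash over a candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


def crack(record: Dict[str, object], wordlist: List[str]) -> Optional[str]:
    """Offline dictionary attack on one stolen (salt, hash) pair. The salt does
    not stop this; it only forces the attacker to start over for every user."""
    for guess in wordlist:
        if verify(record, guess):
            return guess
    return None


def crack_all(records: Dict[str, Dict[str, object]],
              wordlist: List[str]) -> Dict[str, Optional[str]]:
    """Attack a whole leaked table. Because every salt differs, each user costs
    a full pass over the wordlist, so the work is users * guesses * iterations."""
    return {user: crack(rec, wordlist) for user, rec in records.items()}


def demo(iterations: int = 1_000) -> Dict[str, object]:
    """Two users share a weak password; a third uses a passphrase. Returns the
    facts the text asserts: equal passwords hash differently, weak ones fall."""
    # Constructed sample data for the example only.
    users = {
        "alice": "password1",
        "bob": "password1",
        "carol": "correct horse battery staple",
    }
    leaked = {u: make_record(p, iterations=iterations) for u, p in users.items()}
    # Constructed attacker wordlist, standing in for a real cracking dictionary.
    wordlist = ["123456", "letmein", "qwerty", "password", "password1", "hunter2"]
    return {
        "same_password_same_hash": leaked["alice"]["hash"] == leaked["bob"]["hash"],
        "cracked": crack_all(leaked, wordlist),
        "hashes_computed": len(leaked) * len(wordlist),
    }


if __name__ == "__main__":
    print(demo())
```

The run shows the two halves of the announcement's reasoning: because alice and bob got different salts, their identical passwords produce different hashes and the attacker cannot crack one and get the other for free, yet a password that appears in a wordlist still falls after a handful of guesses, while carol's passphrase survives because it is not there to be guessed. Raising `ITERATIONS` makes every single guess slower, which is the only lever the server has once the hashes are out.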
While we're being worrywarts, let's also wonder how long it will be before hackers compromise our elections through those computerized voting machines election administrators are so proud of. Experts say they're easy targets.