A company that stores people's passwords has been hacked.
LastPass is a website that lets people store passwords online so they can access them all with a single master password.
At the beginning of the week the firm announced that hackers gained access to its computer system, stealing user email addresses, password reminders and encrypted versions of people's master passwords. Hackers also managed to steal encoded versions of people's passwords.
LastPass said they discovered the attack last Friday and they are still in the early stages of their investigation.
Research manager at cyber security firm Rapid7, Tod Beardsley said: "Attackers seem to have all they need to start brute-forcing master passwords."
In a blog post LastPass urged users to quickly change their master passwords, and assured users "security and privacy are our top concerns".
Independent cyber security expert in Texas David Longenecker said LastPass posted a public blog post about the incident before warning its users to change their passwords.
He wrote publicly to LastPass on Twitter: "I would have preferred getting the PSA to change password from you, versus through the grapevine."
Return to internet news headlines
View Internet News Archive