LastPass says hackers stole customers’ password vaults

LastPass, a password manager giant, has confirmed that cybercriminals stole its customers' encrypted password vaults in a data breach earlier this year. These vaults store passwords and other secrets in a secure location.

In an updated blog post, LastPass CEO Karim Toubba stated that the intruders made a copy of a backup of vault data using cloud storage keys obtained from a LastPass employee. The customer password vault cache is stored in a proprietary binary format that includes both encrypted and unencrypted vault data. However, technical and security details of this format were not disclosed. LastPass doesn't say much about the unencrypted data, which includes vault-stored web addresses. It is not clear when the stolen backups were taken.

LastPass stated that customers' password vaults are encrypted and cannot be unlocked without the master password, which is known only to the customer. The company warned that cybercriminals could attempt to guess your master password by brute force and decrypt the vault data.

Toubba stated that cybercriminals also stole vast amounts of customer data, including email addresses and phone numbers, as well as billing information.

Password managers are overwhelmingly a good thing to use for storing your passwords, which should be long, complex, and unique to each site. These security incidents are a reminder that password managers are not all created equal and can be compromised in different ways. Because everyone's threat model differs, no two people will have the exact same requirements.

In the rare instance of such a shituation (not a typo), which we have spelled out in our parsing of LastPass's data breach notice, if a bad actor has access to customers' encrypted password vaults, “all they would require is a victim’s master password.” An exposed password vault is only as strong and secure as the encryption used to scramble it.

For LastPass customers, it is a good idea to change your current master password to a unique password (or passphrase). This should be written down and kept safe. Your LastPass vault will be secured.

You should change the passwords in your LastPass vault if you suspect that your LastPass password vault may be compromised. You should start with the most important accounts first, such as your email account, your cell phone plan account and your bank accounts. Then work your way down the priority order.

The good news is that for any account protected by two-factor authentication, an attacker will find it much more difficult to gain access without the second factor, such as a phone pop-up or an emailed code. It is important to protect second-factor accounts, such as your email accounts or cell phone plan accounts, first.
