The CEO of LastPass, Karim Toubba, has confirmed that a threat actor stole customers’ password vaults. The confirmation follows the discovery in August that an unauthorized party had broken into development servers and stolen source code and some technical information about LastPass.
Toubba said at the time that there was no evidence that customer data or password vaults had been compromised. A few weeks later, at the end of November, LastPass said that a threat actor had used information obtained in the first breach to access “certain elements” of customer data in a third-party cloud storage service. The company said repeatedly that customers’ passwords would remain “safely encrypted.”
In the update from December 22, Toubba talks about how the threat actor was able to “access and decrypt some storage volumes” from the cloud-based storage service, which is physically separate from the LastPass production environment. The problem was that this service made backups, even of customer vault data.
Toubba said that these backups are stored in a proprietary binary format and contain both encrypted and unencrypted data. The encrypted data includes usernames and passwords for websites, as well as any secure notes that may have been entered. This information is encrypted with 256-bit AES encryption and can be decrypted only with the user’s master password. The unencrypted data includes items such as website addresses (URLs).
How this affects you
How this affects you as a LastPass customer really depends on how strong your master password is. If it’s short and easy to remember, or if it’s a string you use elsewhere, you could be in trouble.
Toubba says that LastPass’ Zero Knowledge architecture means that sensitive vault data, such as site passwords, is safely encrypted. However, he does say that users with weak master passwords “should think about reducing risk by changing passwords of websites you have stored.”
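Why master password strength decides the outcome once an encrypted vault is in an attacker's hands can be shown with a short estimate. The following Python is an added example, not code from LastPass or from the original article; the key-derivation function, its iteration count, the attacker's hashing rate, the sample passwords and the rotation thresholds are all assumptions chosen for illustration.

```python
import hashlib
import math
import string

# Assumptions for illustration; none of these values come from the article.
KDF_ITERATIONS = 100_000          # assumed PBKDF2 rounds protecting the vault key
ATTACKER_HASHES_PER_SEC = 1e10    # constructed offline hashing rate
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}  # constructed sample

def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Stretch a master password into a 256-bit key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, KDF_ITERATIONS, dklen=32)

def search_space_bits(password: str) -> float:
    """Upper bound on guessing entropy; human-chosen strings are usually weaker."""
    if not password:
        return 0.0
    if password.lower() in COMMON_PASSWORDS:
        return math.log2(len(COMMON_PASSWORDS))
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    if any(all(ch not in c for c in classes) for ch in password):
        pool += 32  # spaces and non-ASCII characters, counted as one extra class
    return len(password) * math.log2(pool)

def years_to_exhaust(bits: float) -> float:
    """Expected years to search half the space, one KDF run per guess."""
    guesses_per_sec = ATTACKER_HASHES_PER_SEC / KDF_ITERATIONS
    return 2 ** (bits - 1) / guesses_per_sec / (365.25 * 24 * 3600)

def rotation_advice(password: str, reused_elsewhere: bool) -> str:
    """Apply the article's criteria (short, memorable, reused) to a master password."""
    if reused_elsewhere:
        return "rotate-now"  # a reused string may already be in breach wordlists
    years = years_to_exhaust(search_space_bits(password))
    if years < 1:
        return "rotate-now"
    return "rotate-soon" if years < 1000 else "monitor"  # thresholds are assumptions

if __name__ == "__main__":
    for pw in ("password", "sunnyfield", "k7#Qz!m2Wp@x9Lr"):  # constructed samples
        print(pw, round(search_space_bits(pw), 1), rotation_advice(pw, False))
```

Here "rotate" means changing the passwords of the websites stored in the vault, as Toubba advises for weak master passwords; the bit counts are upper bounds, so a borderline result should be treated as the weaker category.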
LastPass Password Vaults Stolen By Hackers
It’s not unusual for hackers to try to steal login information from password managers. In the past, hackers have sometimes stolen LastPass password vaults.
In 2015, for example, LastPass said that its systems had been hacked and that some user account information had been lost. The company said that the attackers had gotten access to email addresses, password reminders, and encrypted versions of passwords. But the company stressed that the attackers did not get the key needed to decrypt the passwords, so the passwords themselves were still safe.
In response to the attack, LastPass added more layers of encryption to protect user data and made all users change their master passwords.
Despite these efforts, hackers have stolen password vaults from LastPass in other situations. In 2017, a hacker said he had the login information of more than 32 million LastPass users and was selling it on the dark web. But it was later found out that the hacker didn’t get this information directly from LastPass. Instead, he got it from other data breaches.
Even though it’s important to know about the risks, it’s also important to know that LastPass takes a lot of steps to protect user data and respond quickly to any security issues. The company has a good track record of keeping user information safe and has put in place a lot of security measures to stop hackers.
LastPass is a program that helps you keep track of your login information for all of your online accounts. It’s a useful tool that can save you time and help keep your accounts safe.
One of the best things about LastPass is that it lets you make strong, unique passwords for each account you have. This is important because a security breach is more likely to happen if you use the same password for more than one account. If an attacker gets access to one of your accounts, they might be able to get into all of your other accounts that use the same password.
With LastPass, you can make random, secure passwords for all your accounts, and the password manager will store them in an encrypted format. This means you don’t have to remember all your passwords; you just need to remember your LastPass login information.
LastPass has a number of other security features that can help keep your accounts safe. For example, you can use two-factor authentication to make your login process even more secure. In addition to your password, you’ll need to enter a code that is sent to your phone or email.
Sharing passwords with other people is another useful feature of LastPass. This can be useful for families or small businesses that need to give multiple people access to the same accounts. You can easily share passwords with other people who also have a LastPass account. You can also set permissions to control what they can do with the shared password.
Overall, LastPass is a useful tool for anyone who wants to save time and make their online accounts safer. It’s easy to use and has a number of security features to help protect your login information.