
LastPass says hackers stole customers’ password vaults

LastPass experienced data breaches in August and November 2022, which compromised private client data.
According to a statement released by LastPass, the August hack involved the theft of source code and technical data from LastPass’ development environment, which was then used to target a worker. In November 2022, the hacker was able to use these credentials and keys to log into LastPass’ third-party cloud storage service. Using the keys, the hostile actor was able to decrypt a few storage volumes inside the storage service.
Following the data’s decryption, the hacker gained access to and copied data from a cloud backup that contained “basic customer account information and related metadata”, such as company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The number of impacted clients has not yet been disclosed.
The hacker was also able to copy a backup of customer vault data from the encrypted storage container, which is stored in a proprietary binary format and contains both unencrypted data, such as website URLs, and fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data, according to LastPass.


The password management firm assured its clients that their encrypted data was secure, stating that all encrypted files are still protected using 256-bit AES encryption, which means that unlocking them requires a special encryption key created from each user’s password. This lessens the likelihood of a hack because LastPass does not know, save, or retain user master passwords.
In the wake of the assault, LastPass advised its users to be cautious of social engineering or phishing attacks. It also mentioned that even though the business used encryption and hashing techniques to safeguard client data, hostile actors might try “brute force” tactics to figure out users’ master passwords and decrypt the copies of the vault data they acquired.
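
To show why master-password strength decides how much protection a copied vault still has, here is an added example (not LastPass code and not part of the original article) that derives a 256-bit key from a password and estimates offline guessing time. The use of PBKDF2-HMAC-SHA256, the salt, the iteration count and the attacker hash rate are all assumptions; the article does not state them.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ITERATIONS = 100_000        # assumed work factor, not stated in the article
RAW_HASH_RATE = 1e10        # assumed attacker speed in hashes/second (constructed)


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = ITERATIONS) -> bytes:
    """Client-side derivation of a 256-bit AES key; only the user knows the input."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password built from uniformly random symbols (characters or words)."""
    return length * math.log2(alphabet_size)


def expected_offline_years(entropy_bits: float, raw_hash_rate: float,
                           iterations: int) -> float:
    """Rough model: average guess count is half the keyspace, one KDF run per guess."""
    guesses_per_second = raw_hash_rate / iterations
    return 2 ** (entropy_bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed password and salt, for illustration only.
    key = derive_vault_key("constructed example passphrase", b"user@example.com")
    print("derived key length:", len(key) * 8, "bits")
    # Constructed password policies, from weak to strong.
    for label, length, alphabet in [("8 lowercase letters", 8, 26),
                                    ("12 mixed characters", 12, 94),
                                    ("6 random dictionary words", 6, 7776)]:
        bits = password_entropy_bits(length, alphabet)
        years = expected_offline_years(bits, RAW_HASH_RATE, ITERATIONS)
        print(f"{label}: {bits:.1f} bits, about {years:.3g} years")
```

The estimate scales linearly with the iteration count but doubles with every added bit of password entropy, which is why the strength of the master password matters most once a vault copy is held offline.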