LastPass Confirms Hackers Got User Passwords
Miscellaneous / / April 05, 2023
Previously, this information was refuted. It's time to check everything, change the master password or choose another service.
Representatives of one of the most popular password storage services LastPass stated that previously this year, cybercriminals stole his clients' encrypted password vaults. About it writes tech crunch.
In an updated company blog post about the leak informed LastPass CEO Karim Tubba. He noted that the attackers obtained a copy of the backup customer data storage using cloud service keys stolen from a LastPass employee.
The client password store cache is stored in a "proprietary binary format" that contains both unencrypted and encrypted data, but the technical and security details of this format are not indicated. How fresh the stolen backups were is also not reported.
LastPass said the customer's password vaults are encrypted and can only be unlocked with the customer's master password, which is known only to the customer. But the company warned that the cybercriminals behind the attack "may try to exploit brute force to guess your master password and decrypt copies of the vault data they got".
Tubba added that cybercriminals also got a huge amount of data about customers, including their names, email addresses, phone numbers and some payment information.
The best thing you can do as a LastPass customer is to change your current master password to a new one unique (or passphrase) that is recorded and stored in a secure place, the representative added service.
If you think your LastPass password vault may have been compromised, for example, if your the master password is not strong or you have used it elsewhere - you should start changing the passwords stored in last pass. Start with the most important accountsâemail, bank accounts, and social media profiles.
Read alsođ§
- Top 10 password managers according to Lifehacker