Fortunately, there are plenty of other superb password managers out there that can reliably protect your important information. An initial investigation determined that the hackers managed to steal customer vaults, essentially databases containing all of. If you’re a LastPass customer, it might be better to find an alternative app. LastPass first reported suffering a data breach in November 2022. On November 30, 2022, LastPass informed customers that it detected unusual activity within a third-party cloud storage service shared with its affiliate, GoTo, formerly LogMeIn. Nothing has been published on the company blog either. LastPass security breach leaked customer data. That will only make it more difficult for users (and the wider world) to find out what happened and hardly seems to be done in the spirit of transparency and accountability. Right now, LastPass is apparently trying to hide its attack support pages from search engines by adding “” code to the pages. In fact, one security company went so far as to say that LastPass was not a trustworthy app and that users should switch to different password managers. In the December 22 update, Toubba explains how the threat actor was able to 'access and decrypt some storage volumes' from the cloud-based. LastPass has come in for plenty of criticism over its handling of the attacks in recent months, and that disapproval is unlikely to die down in light of the latest revelations. LastPass customer data vaults stolen by threat actor. In the end, the company realized something was wrong when its AWS GuardDuty Alerts system warned it that someone was trying to use its Cloud Identity and Access Management roles to perform unauthorized activity. On a support page, LastPass said the way the second attack was carried out - by using genuine employee login details - made it difficult to detect. As well as that, it seems numerous products apart from LastPass were also breached.
That included backups of LastPass’s multi-factor authentication database, API secrets, customer metadata, configuration data, and more. That said, plenty of important data was taken by the threat actors. When the hackers stole LastPass data, they were unable to get these decryption keys because they were not stored anywhere by LastPass. That means they were encrypted with a key derived from each user’s master password and unknown to LastPass. In an update published on the LastPass blog, CEO Karim Toubba said that the threat actors used cloud storage keys stolen from a LastPass employee to access and exfiltrate customer vault data. If that’s too much trouble, at least change the ones that really matter. Luckily for LastPass users, it seems that customers’ most sensitive data - such as (most) email addresses and passwords - were encrypted using a zero-knowledge method. Next, change every other password you’ve stored in LastPass. A LastPass support page details exactly what was stolen. Where you go from here depends on whether you remember your master password. A large amount of sensitive customer data was also stolen, although it appears the hackers were not able to decrypt it. That’s important because LastPass kept production backups and critical database backups in the cloud.