“I recommend that all users change their master passwords and enforce password security best practices. It includes creating a strong master password at least 30 characters long, re-encrypting the password vault, and enabling multi-factor authentication (MFA).”

His advice comes after LastPass CEO Karim Toubba acknowledged that last August’s data breach was worse than he described earlier this month.

A hacker accessed a third-party cloud-based storage service LastPass uses to store archived backups of its production data using information gained from an August attack.

After further investigation, the company realized that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backups that contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.

In addition, the hacker also copied an encrypted backup of customer vault data from the encrypted storage container.

“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” Toubba said in a blog. “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass. The encryption and decryption of data is performed only on the local LastPass client” of a user.

“Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices,” he maintained.

“This incident shows that an experienced attacker can exploit a company’s security vulnerabilities and steal sensitive customer data even if he has initially gained access to a certain part of the corporate infrastructure that is not directly related to this sensitive data,” said Walters.

The post LastPass hacker got customer information and their encrypted vault data first appeared on IT World Canada.

It’s also worth noting that LastPass doesn’t know its customers’ master passwords, nor is this information stored or maintained by the company.

While it appears that the passwords and other sensitive data stored by LastPass customers in their vaults are safe for now, Toubba did warn that the attacker may try to brute force their master passwords in an attempt to decrypt their stolen vault data. However, due to the hashing and encryption methods used by the company, this “would be extremely difficult to attempt” – especially for customers who follow its best password practices.

At the same time, the attacker may try to target LastPass customers through phishing attacks, credential stuffing or other brute force attacks against the online accounts stored in their vaults.

Toubba also points out in his security incident notice that the company will never call, email or text customers or ask them to click on a link to verify their personal information in an effort to keep them safe from potential social engineering or phishing attacks. LastPass will also never ask you to provide your master password.

Should you delete your LastPass account?

As reported by BleepingComputer, LastPass’ cloud storage breach is the second security incident disclosed by the company this year after it confirmed back in August that an attacker was able to breach its developer environment using a compromised employee account.

If this is a bit unsettling as a LastPass customer, you may be thinking about deleting your account. While LastPass has been one of the best password managers for years now, these recent security incidents show how valuable hacking a company like this can be for an attacker (this is how to delete your LastPass account if you're so inclined).

If you don’t plan on deleting your LastPass account, you should at least pick a new master password, especially if your original one wasn’t complex or unique enough. To do so, you can use a password generator to create an even stronger one.