LastPass

LastPass Says Hackers Stole Customers’ Data and Passwords

LastPass has released a doozy of an update regarding a recent data breach. The company now claims that hackers were able to “copy a backup of customer vault data,” meaning they now theoretically have access to all of those passcodes if they can crack the stolen vaults.


LastPass has acknowledged that hackers stole encrypted user password vaults as well as other private information. This is the most recent information provided by the corporation concerning a security incident involving the theft of the platform’s source code, which was initially revealed in August 2022.

Once obtained, source code provides hackers with a better understanding of closed systems and increases a platform’s susceptibility to attacks. The hacker was able to gain access to LastPass by first acquiring source code and technical information from the firm back in August.

The attacker then used the information they had obtained to hack a LastPass employee, steal their security codes, and access files stored on the company’s cloud storage service.

According to LastPass, it has reset all companywide corporate login credentials in response to the breach. Although LastPass does not expressly state this, it is obvious that users must take steps to protect their account information. Users are advised to update any passwords they have on the platform.

The company noted, “We are also performing an exhaustive analysis of every account with signs of any suspicious activity within our cloud storage service, adding additional safeguards within this environment.” There is, however, ample proof that not everyone follows the best password practices. All of a user’s data is at risk if they have an easily cracked master password.

Additionally, according to LastPass, the hackers would attempt to access users’ accounts through “phishing attacks, credential stuffing, or other brute force attacks”. Do not click on any links in emails requesting personal information that purport to be from LastPass. Change your master password immediately if it is short, easy to guess, or contains information about you that is readily available online, to prevent additional account vulnerability.

The minimum suggested length for master passwords is 12 characters. Using the master password on other websites is also advised against. LastPass asserts that users who have safe master passwords need not be concerned, but advises those who have not complied with the suggestions to “consider minimizing risk by changing passwords of websites you have stored.”

Concerned users may want to think about changing any important passwords kept in their vault and turning on two-factor authentication for the relevant online accounts. The CEO of the company, Karim Toubba, claimed in a new blog article that hackers got access to other “credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.”

The IP addresses from which clients were using the LastPass service, as well as corporate names, end-user identities, mailing addresses, email addresses, and phone numbers, were also stolen by hackers. The most alarming fact is that they were also able to “copy a backup of customer vault data from the encrypted storage container.”