Encrypted LastPass password vaults stolen by hackers
Just as many US workers are leaving for a holiday break, the company reveals encrypted passwords were targeted in the hack.
LastPass has released a doozy of an update regarding a recent data breach: the company now claims that hackers were able to "copy a backup of customer vault data," meaning that they now theoretically have access to all of those passwords if they can crack the stolen vaults.
According to the company, if you currently use LastPass to store your passwords and login information, or if you previously used the service but hadn't deleted your account before this fall, hackers may have access to your password vault. However, having a strong master password and its most recent default settings might constitute a safety net.
Changing the passwords for each website that you trusted LastPass to store might be a necessity.
Even though LastPass claims that the master password for the account still protects passwords, considering how it has handled previous releases, it is difficult to merely believe what it says at this point.
The corporation stated that it didn't think customer data had been accessed when it first disclosed the hack in August. Then, in November, LastPass claimed to have discovered an intrusion that probably used data obtained in the August incident. It would have been wonderful to learn about this possibility between August and November.
Someone was able to "get access to certain parts" of consumer data thanks to the intrusion. It turned out that those "certain aspects" were the most crucial and private information stored by LastPass.
Although the company claims there is "no evidence that any unencrypted credit card data was obtained," that would likely have been preferable to what the hackers actually got away with.
On his account, LastPass CEO Karim Toubba affirmed that a threat actor has stolen customer password vaults.
“The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data,” he detailed.
The unencrypted data is perhaps more worrisome because it contains URLs, which could reveal to hackers the websites one has accounts with. When paired with phishing or other sorts of assaults, that information may be quite effective if they choose to target specific users.
As a result of the initial breach and the subsequent breach that revealed the backups, according to Toubba, the company is taking a variety of precautions. These precautions include increasing logging to identify suspicious activity going forward, rebuilding its development environment, rotating credentials, and more.