• Ar
  • Es
Al Mayadeen English

Slogan

  • News
    • Politics
    • Economy
    • Sports
    • Arts&Culture
    • Health
    • Miscellaneous
    • Technology
    • Environment
  • Articles
    • Opinion
    • Analysis
    • Blog
    • Feature
  • Videos
  • Infographs
  • In Pictures
  • • LIVE
News
  • Politics
  • Economy
  • Sports
  • Arts&Culture
  • Health
  • Miscellaneous
  • Technology
  • Environment
Articles
  • Opinion
  • Analysis
  • Blog
  • Feature
Videos
Infographs
In Pictures
  1. Home
  2. News
  3. US & Canada
  4. Encrypted LastPass password vaults stolen by hackers
US & Canada

Encrypted LastPass password vaults stolen by hackers

  • By Al Mayadeen English
  • Source: Tech Crunch
  • 24 Dec 2022 12:01

Just as many US workers are leaving for a holiday break, the company reveals encrypted passwords were targeted in the hack.

  • LastPass hacker stole customer password vaults. (GETTY IMAGES)
    LastPass (GETTY IMAGES)

LastPass has released a doozy of an update regarding a recent data breach: the company now claims that hackers were able to "copy a backup of customer vault data," meaning that they now theoretically have access to all of those passwords if they can crack the stolen vaults.

According to the company, if you currently use LastPass to store your passwords and login information, or if you previously used the service but hadn't deleted your account before this fall, hackers may have access to your password vault. However, having a strong master password and its most recent default settings might constitute a safety net.

Changing the passwords for each website that you trusted LastPass to store might be a necessity.

Even though LastPass claims that the master password for the account still protects passwords, considering how it has handled previous releases, it is difficult to merely believe what it says at this point.

The corporation stated that it didn't think customer data had been accessed when it first disclosed the hack in August. Then, in November, LastPass claimed to have discovered an intrusion that probably used data obtained in the August incident. It would have been wonderful to learn about this possibility between August and November.

Someone was able to "get access to certain parts" of consumer data thanks to the intrusion. It turned out that those "certain aspects" were the most crucial and private information stored by LastPass.

Although the company claims there is "no evidence that any unencrypted credit card data was obtained," that would likely have been preferable to what the hackers actually got away with. 

On his account, LastPass CEO Karim Toubba affirmed that a threat actor has stolen customer password vaults.

“The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data,” he detailed.

The unencrypted data is perhaps more worrisome because it contains URLs, which could reveal to hackers the websites one has accounts with. When paired with phishing or other sorts of assaults, that information may be quite effective if they choose to target specific users.

As a result of the initial breach and the subsequent breach that revealed the backups, according to Toubba, the company is taking a variety of precautions. These precautions include increasing logging to identify suspicious activity going forward, rebuilding its development environment, rotating credentials, and more.

  • LastPass
  • hackers
  • LastPass CEO
  • unencrypted data

Trending Now

All
Hackers taking advantage of the "Bridge" problem

How hackers take advantage of the 'Bridge' problem

Most Read

Ukrainian President Volodymyr Zelensky speaks at a press conference on 25, February, 2022. (AFP)

Kiev unable to launch counteroffensive: Zelensky

  • Europe
  • 25 Mar
Europe's move has only increased Putin’s esteem outside the West -- but estimation of Europe’s political nous and understanding of Russia, however, is sharply diminished.

Lawfare Comes into Fashion: The New Geo-political ‘Rack’

  • Analysis
  • 25 Mar
President Joe Biden listens as German Chancellor Olaf Scholz speaks during a meeting in the Oval Office of the White House in Washington, Friday, March 3, 2023 (AP).

Hersh: Nord Stream explosion decision possibly 'anger' or 'punishment

  • US & Canada
  • 25 Mar
Crewmen enter Bradley fighting vehicles at a US military base at an undisclosed location in Northeastern Syria, on November 11, 2019 (AP)

US occupation bases under fire in Syria for second day in a row

  • MENA
  • 24 Mar

Read this

All
SDF and US troops in occupied Al Hasakah, Syria. (Reuters)
MENA

ISIS stole US arms in Syria, Iraq: The Intercept

  • 31 Mar
US military vehicle is seen on a patrol in the countryside near the town of Qamishli, Syria, December 4, 2022 (AP)
MENA

6 US occupation troops suffer 'traumatic brain injuries' in Syria: DoD

  • Today
A woman walks by a money exchange shop decorated with different countries currency banknotes at Central, a business district in Hong Kong, Aug. 6, 2019 (AP Photo/Kin Cheung)
Europe

New BRICS currency underway: State Duma Deputy Chairman

  • Today
President Joe Biden speaks alongside Secretary of State Antony Blinken during a Summit for Democracy virtual plenary in the South Court Auditorium on the White House campus, March 29, 2023, in Washington, DC, United States (AP)
Latin America

Brazil not to sign Summit for Democracy declaration against Russia

  • Today
Al Mayadeen English

Al Mayadeen is an Arab Independent Media Satellite Channel.

All Rights Reserved

  • Privacy Policy
  • About Us
  • Contact Us
  • Authors
Android
iOS