If you have a LastPass account, which you use to store login information and passwords, or you previously had one that you did not delete, your password vault might be in hackers’ hands.

LastPass recently revealed that cybercriminals stole customer vault data after gaining unauthorized access to its cloud storage earlier this year through information stolen during an August 2022 incident. The story followed a previous update when Karim Toubba, the company’s CEO, announced that the threat actors accessed “certain elements” of the customer information.

Toubba recently added that LastPass used the cloud service to store archived backups of production data. The attackers stole the “dual storage container decryption keys and cloud storage access key” from its developer environment and gained access to LastPass’ cloud storage.

“The hackers copied information from the backup containing basic customer account information. Then, they linked metadata including end-user names, company names, billing addresses, telephone numbers, email addresses, and the IP addresses the customers used for accessing the LastPass service,” Toubba said.

The attackers also copied a customer vault data backup from the encrypted storage container. LastPass stored it in a proprietary binary format containing unencrypted data (such as website URLs) and fully encrypted sensitive fields (like website usernames and passwords, form-filled data, and secure notes).

Some of the Stolen Data is “Safely Encrypted”

Fortunately, the company says that they secured the encrypted data with 256-bit AES encryption and one needs a unique encryption key linked to each user’s master password to decrypt it. According to Toubba, LastPass does not store the master password on its systems or maintain it. Hence the user’s master password is unknown to LastPass.