-
LastPass Faces Data Breach; Company Says No Passwords Taken: Details26 August 2022 -
LastPass Issues Fix for Critical Bug That Could Expose Password Credentials16 September 2019
-
Password Managers Have a Security Flaw, but You Should Still Use One: Report20 February 2019
-
Free Software to Download and Install on Your New Windows PC13 February 2018
-
Google Says Apps Shouldn't Use Accessibility Services Unless Meant for Differently-Abled13 November 2017
- Home
- Internet
- Internet News
- LastPass Says Hackers Stole Customer Data, Encrypted Passwords in Breach That Occured in August
LastPass Says Hackers Stole Customer Data, Encrypted Passwords in Breach That Occured in August
In August, LastPass said it had seen no evidence that hackers had access to customer data or encrypted password vaults.
By William Turton, Bloomberg | Updated: 23 December 2022 10:30 IST
Photo Credit: LastPass
Hackers were able to copy email addresses, IP addresses from which customers accessed LastPass
Advertisement
LastPass, a password management service, announced on Thursday that hackers stole encrypted copies of customer passwords and other sensitive data such as billing addresses, phone numbers and IP addresses. The announcement is the latest update from a breach that occurred in August. At that time, the company said they had seen no evidence that the hackers had access to customer data or encrypted password vaults.
But the company's statement on Thursday said that source code and technical information that were stolen as part of that hack was used to target another employee. The hackers were then able to obtain credentials and keys to access and decrypt data stored on a third-party cloud storage space.
They were able to copy such things as basic customer account information, including email addresses and the IP addresses from which customers accessed LastPass, and “fully-encrypted sensitive fields such as website usernames and passwords, secure notes and form-filled data.”
Password managers are a way for customers to store usernames and passwords in one place and can be accessed using a master password that a customer creates. The master password isn't known to LastPass nor is stored or maintained by the company, it said in its statement.
The other encrypted data can only be decrypted “with a unique encryption key derived from each user's master password,” the company said.
Nonetheless, LastPass warned customers that they could be targeted for social engineering, phishing attempts or other methods.
“The threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took,” the company said in a statement. “Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices.”
For those who follow LastPass's password guidance, “it would take millions of years to guess your master password using generally available password-cracking technology,” the company said.
A representative for LastPass didn't respond to messages seeking comment.
The company said that it has hired the cybersecurity firm Mandiant to investigate the breach. It also said that it is rebuilding its entire development environment from scratch, an indication that hackers had thoroughly comprised the company's sensitive systems.
LastPass said that its investigation is ongoing, and that it has notified law enforcement and “relevant regulatory authorities.”
© 2022 Bloomberg L.P.
Where did Realme go wrong with the 10 Pro+ 5G? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Related Stories
LastPass Says Hackers Stole Customer Data, Encrypted Passwords in Breach That Occured in August
Advertisement
Follow Us
-
03:19
Gadgets 360 With Technical Guruji: Something About the Nothing Ear, Ear (a) -
19:21
Gadgets 360 With Technical Guruji: Samsung's New AI Smart TVs, Nothing Ear -
05:23
Gadgets 360 With Technical Guruji: Samsung's New AI Smart TVs -
01:17
Gadgets 360 With Technical Guruji: Tech Tip [April 20, 2024] -
02:05
Gadgets 360 With Technical Guruji: Ask TG [April 20, 2024]
Advertisement
Popular on Gadgets
- AI
- iPhone 16 Leaks
- Apple Vision Pro
- Oneplus 12
- iPhone 14
- Apple iPhone 15
- OnePlus Nord CE 3 Lite 5G
- iPhone 13
- Xiaomi 14 Pro
- Oppo Find N3
- Tecno Spark Go (2023)
- Realme V30
- Best Phones Under 25000
- Samsung Galaxy S24 Series
- Cryptocurrency
- iQoo 12
- Samsung Galaxy S24 Ultra
- Giottus
- Samsung Galaxy Z Flip 5
- Apple 'Scary Fast'
- Housefull 5
- GoPro Hero 12 Black Review
- Invincible Season 2
- JioGlass
- HD Ready TV
- Laptop Under 50000
- Smartwatch Under 10000
- Latest Mobile Phones
- Compare Phones
Latest Gadgets
- iQOO Z9x
- iQOO Z9
- HMD Pulse
- HMD Pulse+
- HMD Pulse Pro
- Realme Narzo 70x 5G
- Realme Narzo 70 5G
- Samsung Galaxy C55
- Lenovo IdeaPad Pro 5i
- Asus ZenBook Duo 2024 (UX8406)
- Realme Pad 2 Wi-Fi
- Redmi Pad Pro
- boAt Storm Call 3
- Lava ProWatch Zn
- Samsung Samsung Neo QLED 8K Smart TV QN800D
- Samsung Neo QLED 4K Smart TV (QN90D)
- Sony PlayStation 5 Slim Digital Edition
- Sony PlayStation 5 Slim
- Lloyd 1.5 Ton 3 Star Inverter Split AC (GLS18I3FOSEW)
- Haier 1.5 Ton 3 Star Triple Inverter Split AC (HSU18K-PYSS3BN-INV)
- About Us
- Sitemaps
- Feedback
- Archives
- Contact Us
- RSS
- Advertise
- Career
- Privacy Policy
- Ethics
- Editorial Policy
- Terms & Conditions
- Complaint Redressal
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
