Search

LastPass Says Hackers Stole Customer Data, Encrypted Passwords in Breach That Occured in August

In August, LastPass said it had seen no evidence that hackers had access to customer data or encrypted password vaults.

Advertisement
Highlights
  • LastPass said that the initial breach had happened in August
  • It does not store the master password created by users
  • LastPass has hired cybersecurity firm Mandiant to investigate the breach
LastPass Says Hackers Stole Customer Data, Encrypted Passwords in Breach That Occured in August

Hackers were able to copy email addresses, IP addresses from which customers accessed LastPass

Photo Credit: LastPass

LastPass, a password management service, announced on Thursday that hackers stole encrypted copies of customer passwords and other sensitive data such as billing addresses, phone numbers and IP addresses. The announcement is the latest update from a breach that occurred in August. At that time, the company said they had seen no evidence that the hackers had access to customer data or encrypted password vaults.

But the company's statement on Thursday said that source code and technical information that were stolen as part of that hack was used to target another employee. The hackers were then able to obtain credentials and keys to access and decrypt data stored on a third-party cloud storage space.

They were able to copy such things as basic customer account information, including email addresses and the IP addresses from which customers accessed LastPass, and “fully-encrypted sensitive fields such as website usernames and passwords, secure notes and form-filled data.”

Password managers are a way for customers to store usernames and passwords in one place and can be accessed using a master password that a customer creates. The master password isn't known to LastPass nor is stored or maintained by the company, it said in its statement.

The other encrypted data can only be decrypted “with a unique encryption key derived from each user's master password,” the company said.

Nonetheless, LastPass warned customers that they could be targeted for social engineering, phishing attempts or other methods.

“The threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took,” the company said in a statement. “Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices.”

For those who follow LastPass's password guidance, “it would take millions of years to guess your master password using generally available password-cracking technology,” the company said.

A representative for LastPass didn't respond to messages seeking comment.

The company said that it has hired the cybersecurity firm Mandiant to investigate the breach. It also said that it is rebuilding its entire development environment from scratch, an indication that hackers had thoroughly comprised the company's sensitive systems.

LastPass said that its investigation is ongoing, and that it has notified law enforcement and “relevant regulatory authorities.”

© 2022 Bloomberg L.P.


Where did Realme go wrong with the 10 Pro+ 5G? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: LastPass, LastPass Hack, cyberattack
 
Show Full Article
Please wait...
Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus Teases Launch of New Tablet in India, Will Arrive on This Date
  2. Redmi Note 15 Pro+, iQOO Z10 Specifications Tipped Ahead of Debut
  3. OnePlus Could Unveil a Compact Flagship Tablet Alongside the OnePlus 15T
  4. Vodafone Idea (Vi) Gives Extra Benefits With These Prepaid Plans: Report
  5. Google Pixel 10 Pro Design Officially Revealed Ahead of August 20 Launch
  6. AirPods Production in India Faces Setback as China Restricts Exports: Report
  7. Vivo Y50m 5G, Vivo Y50 5G With 6,000mAh Battery Launched: All Details
  8. Oppo K13 Turbo, K13 Turbo Pro With Inbuilt Fan, 7,000mAh Battery Launched
  9. Asus Vivobook 14 Launched in India With 14-Inch Screen, Snapdragon X Chip
  10. Nokia Is Looking for Manufacturing Partners as HMD License Ends in 2026
  1. Nokia Exploring New Manufacturing Partnerships Ahead of HMD License Expiry in 2026
  2. Gemini, ChatGPT Achieve Gold Medal-Level Scores in International Math Olympiad
  3. AirPods Production in India Faces Setback as China Restricts Rare Earth Metal Exports: Report
  4. Gmail Begins Testing Large, Expandable Shopping Ads via Promotions Tab: Report
  5. Moto 360 (2025) Alleged Renders Offer Early Look at Design; Suggests a Familiar Round Display
  6. Google Pixel 10 Leaked Design Renders Show New Colour Options, Telephoto Rear Camera
  7. Google Chrome for iOS Gets Seamless Account Switching Between Personal and Work Profiles
  8. Pixel 10 Pro Design Officially Revealed Ahead of August 20 Launch; Google Store Offer Teased
  9. Algae-Grown Bioplastic Passes Mars Pressure Test, Boosting Hopes for Red Planet Habitats
  10. NASA Tests Modular Satellite Tech to Cut Launch Costs and Speed Missions
Gadgets 360 is available in
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »