People in financial tech, software programming, cybersecurity, and cryptocurrencies are talking about the Lastpass data breach that went public two days ago. The password management company detailed that a breach committed earlier this year allowed hackers to obtain a “backup of a customer’s vault her data.”
Lastpass reveals ‘attackers were also able to copy backups of customers’ Vault data’
On December 22, 2022, password management company Lastpass disclosed An “unknown attacker” compromised the company’s cloud-based storage environment around August 2022. As soon as this news broke, the Lastpass data breach became a hot topic. topical discussion on social media and forums.crowd of people believe That last pass situation “may be worse than they let on”.
LastPass attackers now know all websites where passwords are stored and blobs encrypted only by the master password https://t.co/Wdbt6mWe8C https://t.co/HldcJ8DYkK
—SwiftOnSecurity (@SwiftOnSecurity) December 22, 2022
“Based on our investigations to date, we have learned that an unknown threat actor accessed our cloud-based storage environment using information obtained from our previously disclosed incident in August 2022,” Lastpass said. clarified. The password management company added:
The attackers were also able to copy backups of customer vault data from encrypted storage containers. This storage container is stored in a proprietary binary format that contains both unencrypted data such as website URLs and fully encrypted sensitive fields such as website usernames. Passwords, secure notes, form-filled data.
Lastpass claims that encrypted fields are protected with 256-bit AES encryption and that information can only be decrypted by leveraging each user’s master password using their corporate password. zero-knowledge architecture“As a reminder, your Master Password is never known to Lastpass and is not stored or maintained by Lastpass,” the company details.
Immediately after Lastpass was hacked and a large amount of cryptocurrency wallets were infiltrated and leaked
“Be Your Own Bank”
If you want my funds, break into a brick and mortar facility.
— Gainzy (@gainzy222) December 24, 2022
Lastpass’ security comforts don’t seem to convince many critics
However, some report We believe the situation is worse than Lastpass allows. Reviewgeek.com’s Andrew Heinzman stresses in his report, “Stop using Lastpass.” “Even if a strong master he uses passwords, hackers can still try to phish information from you,” Heinzman writes. The author added:
For clarity, Lastpass is still investigating this data breach. And after four months of ‘sorry, it’s worse than we thought’, it’s natural for customers to worry that Lastpass doesn’t have all the details. As long as there is, things could get worse. We asked our readers to stop using Lastpass in July 2020.
Crypto supporter Woody Wertheimer warned With Lastpass, people think ‘the attacker probably has a copy of your vault’. Wertheimer’s recommendation is the same as his Heinzman recommendation, with digital currency proponents arguing that users should “stop using Lastpass.”
“We don’t know how bad things are,” says Wertheimer. Added“DO NOT CHANGE PASSWORDS BACK TO LASTPASS AS ATTACKERS MAY HAVE CONTINUOUS ACCESS.” also said that the Lastpass breach situation is a big deal.
“I worked at Lastpass a long time ago as an engineer. Over 7 years ago. My two cents on the situation,” said an individual. Said“This is the worst breach Lastpass has ever experienced.
What are your thoughts on the Lastpass data breach and the speculation that it’s worse than Lastpass lets on? Let us know what you think about this in the comments section below.
image credit: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. This is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service or company. Bitcoin.com It is not intended to provide investment, tax, legal or accounting advice. NEITHER THE COMPANY NOR THE AUTHOR WILL BE LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS ARISING OR ALLEGED TO OCCUR ARISING OUT OF OR RELATING TO YOUR USE OF OR RELIANCE ON ANY CONTENT, PRODUCTS OR SERVICES DESCRIBED IN THIS ARTICLE. We are not responsible.
