LastPass admits a hack compromised customers’ passwords

21


Usually, password managers are one of the best ways to increase the security of your online accounts. It is indeed a question of storing everything in a space encrypted by a particularly strong master password. But while the first versions of these password managers such as 1Password only worked locally, the whole industry has moved to the cloud for a few years.

This poses real security risks. Risks become very real to LastPass customers. In early August 2022, the firm revealed that it had been the victim of a hack. An unauthorized person gained access to part of the LastPass development environment using a compromised developer account. The firm then assumed that the hackers had stolen portions of the company’s proprietary code, as well as technical information.

Hackers successfully stole LastPass customers’ secure vaults, firm admits

Nothing too serious, we thought then. Then in November LastPass revealed to have been targeted by a new hack. This time, an intrusion into the company’s systems, facilitated by the August hack, would have given hackers access to “certain customer data” without further details. The firm, however, seemed to ensure that no really sensitive data such as credit card numbers had leaked.

However, a few hours before the Christmas weekend, LastPass announces yet another very bad news with a new press release. Karim Toubba, CEO of the company, explains:

“The hacker was also able to copy a backup of customer vault data from an encrypted storage space, data stored in a proprietary binary format that contains both unencrypted data such as internet site addresses web, as well as much more sensitive fully encrypted fields such as passwords and site IDs, secure notes, and pre-fill data”.

According to the official, therefore, the hackers are in possession of potentially all of the customers’ secure password vaults. However, the most sensitive data contained by the latter remains encrypted according to the firm – and protected by the master password of the safe. As long as this password is complex, and is not reused elsewhere, the probability that it will be broken by hackers remains quite low.

However, there is one caveat: it is impossible to say with certainty that the data stolen by hackers is really as secure by encryption as the company claims. LastPass assures that the default settings for vaults “should” protect them from hackers (the conditional is part of the official statement).

In addition, accounts opened before 2018 are likely to be less secure. And the “unencrypted” part of the stolen data immediately gives an idea of ​​the accounts that hackers can try to hack first. That’s why it’s recommended that you change your passwords if you’ve put everything into LastPass.

In addition, LastPass can be criticized for its reaction to the attack: the absence of additional information since November, and this press release three days before Christmas when the major IT departments of companies are downsized due to the holidays do nothing to restore confidence. This is why we also recommend that you consider a competitor password manager to secure your accounts.

It is possible to easily export your entire LastPass password database and import it to a new service.

NordVPN
Leave A Reply

Your email address will not be published.

seo markt best tool url adsense ads malker notin blog features gries grow home tools unlock Bilgisayarda ekran görüntüsü alma programları sırasıyla aşağıdadır. İş gününüzü çok daha verimli hale getirmenizi sağlayacak En İyi Ekran Yakalama Yazılım Araçları: Birkaç yıl önce, ekran görüntüleri o kadar popüler değildi. Sadece ekrandaki hata mesajını paylaşmak için kullanıldı. Ancak günümüzde ekran görüntüleri günlük hayatımızda rutin olarak ve yaygın olarak kullanılmaktadır. Örneğin , sosyal medyadaki komik bir mesajın veya gönderinin fotoğrafını çekmek. Öğrenciler ayrıca eğitim amacıyla bir makalenin anlık görüntüsünü alırlar. Ekranda garip bir şey gördüğünüzü kanıtlamak için Anlık Görüntü veya Ekran Görüntüsü gereklidir. Mockup ekran tasarımları da ekran görüntüsü olarak müşterilerle paylaşılmaktadır. Görüntüyü veya ekranı yakalamak için tüm sistemlerde bir baskı ekranı düğmesi bulunur, ancak belirli sınırlamaları vardır. Baskı ekranı seçeneğini kullanarak yakalanan görüntüye metin, oklar ve vurgulayıcılar eklemek sıkıcı bir iştir. Snipping Tool (Windows): Windows işletim sistemlerinde built-in olarak bulunan bir ekran görüntüsü alma aracıdır. Kullanımı oldukça basittir ve seçilen alanı, pencere veya tam ekran görüntüsü olarak alabilirsiniz. Lightshot (Windows, Mac, Linux): Bu program, kolay kullanımı ve hızlı erişimi ile popülerdir. Ayrıca, alınan görüntüleri düzenlemek ve paylaşmak için birden çok seçenek sunar. Greenshot (Windows): Bu program, seçilen alanı veya tam ekranı almak için kullanılabilir. Ayrıca, alınan görüntüleri düzenlemek ve paylaşmak için birden çok seçenek sunar. web adsense picture images home tools wosgroup any trouble