LastPass also shared more details on how the hackers exploited the platform and what did they have access to. Investigation concludes the same (September 15, 2022): LastPass concluded its “investigation and forensics process in partnership with Mandiant” and reiterated that the hackers didn’t have access to customer data or encrypted password vaults.No evidence of customer data compromise (August 25, 2022): LastPass published a notice saying they “detected some unusual activity” but they saw “no evidence that this incident involved any access to customer data or encrypted password vaults.” The company also indicated that it has “deployed containment and mitigation measures” and has launched a detailed investigation into the incident.Now: Customer password vaults were copied by the attacker but don't worry, it will be hard to crack your vault. Next: Okay some customer data was accessed, but not password vaults. What happened with LastPass: A timeline of eventsįirst: We were breached but no customer data was accessed
By simply setting a strong master password you can improve your security significantly (as you will read below).įREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox. But this doesn’t mean you stop using password managers.
Why does this matter: The only thing worse than a data breach is a data breach of a password manager. Password managers are widely used for the convenience they offer of not having to remember the password for every service you’ve signed up with, but this also makes them a honeypot of sensitive information.
Password manager LastPass on December 22 informed that hackers were able to “copy a backup of customer vault data,” which contains “fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.” Hackers can access these encrypted fields if they crack the master password set by the user.
0 kommentar(er)
