LastPass estimates it would take "millions of years" to guess your master password - if you've followed its best practices. Though the most sensitive data is encrypted, the problem is that the threat actor can run "brute force" attacks on those stolen local files. But if you're a LastPass subscriber, you need to operate under the assumption that your user and vault data are in the hands of an unauthorized party with ill intentions. The company didn't specify how many users were affected, and LastPass didn't respond to CNET's request for additional comment on the breach. At the very least, you need to change all of the passwords you have stored with LastPass right away if you haven't already. Toubba vowed to make things right for customers and promised more effective communication going forward while adding that the company has "not seen any threat-actor activity since October 26, 2022."Įven so, if you're a LastPass subscriber, the severity of this breach should have you looking for a different password manager, because your passwords and personal data can still be at serious risk of being exposed. In the meantime, LastPass has wrapped up an "exhaustive investigation" into the breach, according to a blog post published by Toubba on Wednesday, March 1, that updates customers on what actions the company has taken in the wake of the breach.
That same unauthorized party was also able to steal customer vault data, which includes unencrypted data like website URLs as well as encrypted data like the usernames and passwords for all the sites that LastPass users have stored in their vaults. The unauthorized party was able to gain access to unencrypted customer account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. The breach is the latest in a lengthy and troubling string of security incidents involving LastPass, which date back to 2011. 22, LastPass CEO Karim Toubba acknowledged in a blog post that a security incident the company first disclosed in August eventually paved the way for an "unauthorized party" to steal customer account information and sensitive vault data.
LastPass, one of the world's most popular password managers, suffered a major data breach in 2022 that compromised users' personal data and put their online passwords and other sensitive information at risk.
0 kommentar(er)
