Every LastPass user is at risk and they are silentĪt the moment the ONLY thing stopping the hackers from decrypting a LastPass customer’s data is the customer’s master password which is used to generate the encryption key for that particular account. It essentially shows the hackers all the websites that you access using LastPass and if the websites are interesting enough they can make you a target. As much as most of it is still encrypted, the data that is not which they highlighted as URLs is still pretty valuable data. So essentially the hackers were able to access ALL the customer data. The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data. To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. Lastpass, one of the most popular password manager providers suffered a data breach that exposed data for their 33 million customers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |