, password manager app Lastpass announced on Thursday the most recent intrusion was much more damaging than initially reported with the attackers having made off with users' password vaults in some cases. That means the thieves have people's entire collections of encrypted personal data, if not the immediate method to unlock them.
"No customer data was accessed during the August 2022 incident," LastPass CEO Karim Toubba, explained. However, some of the app's source code was lifted and then used to spearphish a Lastpass employee into giving up their access credentials, then used those keys to decrypt and copy off,"some storage volumes within the cloud-based storage service."
Among the encrypted data obtained by the hackers included basic customer account information like company names, billing, email and IP addresses; and telephone numbers, Toubba continued."These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture," Toubba said.
Seems it wouldn't be too hard to sell customer data on the dark web and then frame it as a data breach. 🤔
serrebi Yep. I wonder how many more customers are switching over to Bitwarden.
Stash them offline 🔒
When you trust the only part of your personal security that you can control to a black box in someone else's building, you have no control over your own security.
this is why i moved to Bitwarden years ago and never looked back
LastPass has a bad rep since years. I would never trust my PW to a shady company like this.
Singapore Singapore Latest News, Singapore Singapore Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: engadget - 🏆 276. / 63 Read more »