LastPass admits 'attackers have users' passwords', all details inside
Password locker Lastpass warns customers to change their passwords of all important websites to protect their access from hackers who have stolen their passwords from Lastpass's cloud.
By ET Spotlight Special |
Agencies
In August 2022, Lastpass, the password locker, saw unknown attackers access their systems and copy their customer's data. That included their passwords, usernames, company names, etc., along with their IP addresses from where the customers accessed the password locker company services.
Lastpass has also confirmed that the customer's vault was copied with all their details. The data theft occurred when miscreants could access some information on source codes from Lastpass' development department. With the theft of source codes, another employee was targeted, and they could steal credentials and keys to open storage volumes stored in the cloud belonging to Lastpass.
The clients' data are stored in a file in binary format, including both encrypted and unencrypted data like website URLs, website usernames, passwords, etc.
The fully encrypted data is protected by 256-bit AES encryption that can be decrypted with the unique encryption key provided to the customers in their master password.
Lastpass believes that even though the hackers have the customers' data due to the 256-bit encryption, it would need millions of years to derive the master passwords. However, there are always some customers who don't select a "good password" and re-use old passwords, which are easy to decrypt. They are the ones who need to immediately change their passwords at important locations like online banks etc. before the thieves access them. (Lastpass advice to individuals and business users).
Lastpass has also confirmed that the customer's vault was copied with all their details. The data theft occurred when miscreants could access some information on source codes from Lastpass' development department. With the theft of source codes, another employee was targeted, and they could steal credentials and keys to open storage volumes stored in the cloud belonging to Lastpass.
The clients' data are stored in a file in binary format, including both encrypted and unencrypted data like website URLs, website usernames, passwords, etc.
The fully encrypted data is protected by 256-bit AES encryption that can be decrypted with the unique encryption key provided to the customers in their master password.
Lastpass believes that even though the hackers have the customers' data due to the 256-bit encryption, it would need millions of years to derive the master passwords. However, there are always some customers who don't select a "good password" and re-use old passwords, which are easy to decrypt. They are the ones who need to immediately change their passwords at important locations like online banks etc. before the thieves access them. (Lastpass advice to individuals and business users).
ADVERTISEMENT
Other sensitive information other than passwords is stored in vaults, which could land in the wrong hands if the customers have secured them with weak passwords. Lastpass has revamped its systems since the theft and has added extra protections.FAQs:
- Where did the biggest online theft happen?
Coincheck Crypto Heist-$534 million stolen by North Korean hackers in 2018. - When did the British Bank robbery in Lebanon happen?
1976-$44.5 million in cash plush gold bars, jewels, etc.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
ADVERTISEMENT
