LastPass Hackers obtained customer data vaults in recent data breach

Share post:

LastPass, a popular password manager, admitted to a data breach in August 2022, during which hackers gained access to their names, addresses, and data vaults.

In a nutshell, LastPass concluded that the attackers were successful in installing malware on the computer of a developer. However, LastPass has changed its tune, stating that the cloud storage service is now used to store archived backups of production data.

“To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” a LastPass blog post reads.

The hacker also made a copy of customer vault data, which is “stored in a proprietary binary format,” according to the company. Some vault data is not encrypted, such as website URLs. Other information, such as usernames and passwords, is “secured with 256-bit AES encryption,” according to the company, and cannot be decrypted by hackers.

While the company claims that the hackers would be extremely unlikely to decrypt the data, it warns users that they may be targeted by phishing or social engineering attacks.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways