LastPass Hackers obtained customer data vaults in recent data breach

Share post:

LastPass, a popular password manager, admitted to a data breach in August 2022, during which hackers gained access to their names, addresses, and data vaults.

In a nutshell, LastPass concluded that the attackers were successful in installing malware on the computer of a developer. However, LastPass has changed its tune, stating that the cloud storage service is now used to store archived backups of production data.

“To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” a LastPass blog post reads.

The hacker also made a copy of customer vault data, which is “stored in a proprietary binary format,” according to the company. Some vault data is not encrypted, such as website URLs. Other information, such as usernames and passwords, is “secured with 256-bit AES encryption,” according to the company, and cannot be decrypted by hackers.

While the company claims that the hackers would be extremely unlikely to decrypt the data, it warns users that they may be targeted by phishing or social engineering attacks.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Gartner debunks myths undermining cybersecurity success

Henrique Teixeira, Senior Director Analyst at Gartner, and Leigh McMullen, Distinguished VP Analyst at Gartner, highlighted and disproved...

Toyota discloses customer data breach

Toyota has disclosed that customer information from Japan and other countries in Asia and Oceania was publicly available...

Critical Vulnerability found in MOVEit

Progress Software has warned about a critical vulnerability in its popular file-transfer software, MOVEit, which could allow malicious...

Canadian Defence Minister concerned over increasing cyberattacks

Canadian Defence Minister Anita Anand has issued a warning that the country's key infrastructure is more vulnerable to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways