It appears that the major hack affecting password management giant LastPass is much worse than first thought. In an update announced two days before Christmas, LastPass CEO Karim Toubba admitted that the attackers were able to successfully back up customers’ vault data. With this data in hand, attackers could gain access to users’ entire collection of passwords and other data stored with LastPass if they could find a way to guess the user’s master password.
In an effort to prevent an immediate spike in heart attacks, Toubba said that it would be “extremely difficult” to brute-force guess master passwords for customers using the company’s default settings and best practices. For those users, it could take attackers “millions of years” to crack those codes using “publicly available password-cracking technology,” according to the CEO. LastPass says it should not have access to users’ master passwords.
This comforting reassurance does not necessarily apply to users with weaker master passwords. In these cases, LastPass advised users to go in and change the passwords for all the websites they stored, which can mean a hard, tedious day frantically waiting for account information to be reset. Although strong master passwords can be difficult to guess, even the strongest passwords can be vulnerable if they are used inappropriately, for instance on another previously hacked site. There is no shortage of previously cracked passwords on dark web markets. Affected LastPass customers may also find themselves inundated with spam phishing attempts trying to trick them into unwittingly handing over their keys to the kingdom.
In addition to passwords, Toubba said the stolen vault data includes “fully encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data,” along with unencrypted URLs. In more advanced attacks, the information conveyed through the sites a user visits can be used to craft more convincing phishing campaigns.
LastPass did not immediately respond to Gizmodo’s request for comment.
For a company whose core service revolves around collecting and protecting passwords in one secure place, this is about as bad as it gets. LastPass first issued a statement on the recent attack in a blog post late last month. At the time, the company said cryptically that the attacker was able to access “certain elements” of “customer information,” without providing further details. The company went on to say that customer passwords were not affected by the incident. Technically speaking, that is true, but as we now know, it only tells part of the story.
Making matters worse, this latest hack appears to have been made possible by a previous incident that occurred only six months ago. In that case, the company says the attacker appeared to have stolen “source code and technical information” from its development environment and used it to target an employee to obtain their credentials.
See, in a digital world that requires users to maintain dozens upon dozens of credentials, password managers are increasingly becoming a security necessity. At the same time, this high concentration of sensitive information makes password manager sites some of the most mouth-watering targets out there for bad actors. LastPass should have seen this coming, and these details should have been disclosed to clients sooner if the results were available.