LastPass: Hackers Stole Customers’ Password Vaults, Breach Worse Than Initially Thought

 

This past August witnessed a breach at LastPass, one of the most well-known password manager services available. The harm caused by the unidentified hackers is significantly worse than was initially believed, according to the company. Passwords should be changed immediately by users. LastPass stated that “only” the company’s source code and confidential information were compromised in the initial report on the data breach event that was detected in August. 
Passwords and user information remained clean and secure. The hostile actors were able to access some users’ data as well, according to a subsequent security notification on the same issue. The hat in black According to LastPass, hackers were able to access the cloud storage and decrypt the dual storage container keys. 
By copying a backup that contained “basic customer account data and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” they were able to further undermine the platform’s security.
The encrypted storage container, which holds customer vault data in a proprietary binary format, also allowed the cybercriminals to replicate a backup of that data. The container contains both encrypted and unencrypted information, including sensitive areas like online usernames and passwords, secu

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: