In early December, LastPass suffered its second attack of the year, putting the security of the service's users on the ropes. The company reported yesterday that the recent intrusions caused more damage than first thought.
All encrypted user data stolen
As reported by Engadget, the attack managed to reach users’ “safes”, or password vaults, in some cases.
In other words, those who carried out the attack on LastPass managed to steal entire collections of encrypted personal data.
In any case, Karim Toubba, CEO of LastPass, confirmed that customer data was not accessed during the August 2022 incident, although the application's source code was stolen, which allowed the attackers, through phishing, to gain access to the credentials of a company employee.
With these keys in hand, they were able to break into cloud servers to obtain large volumes of data. This encrypted data stolen by hackers includes basic customer information such as company names, billing, emails, phone numbers and IP addresses.
Toubba maintains that the stolen data is secure under 256-bit AES encryption, since the user’s master password is required to access it. Since the master key is never transmitted to or stored by LastPass, it should in principle remain safe.
However, this is information given by the company and, according to its latest statements, the recommendation is to change all website passwords, as well as the master key.