![]() To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. I’m not a security expert so I’ll let LastPass better explain what’s happening. Thankfully, those master password’s are not stored by LastPass, so as long as the hacker is unable to brute force into the vault (guessing a correct password), most sensitive user data should remain safe. For a hacker, it could be the mother lode.Īccording to LastPass, these vaults are encrypted with some serious security, meaning nothing should be able to access this stolen data with exception to a user’s master password. ![]() We’re talking account usernames, passwords, banking information, and everything else. That vault data is what contains everything a user might store with the service. However, due to that hack, a subsequent event recently took place in which the hacker was able to compromise a LassPass employee’s account and gain access to much, much more.Īs detailed by LastPass, someone has been able to gain access to encrypted backup copies of customer vault data. At that time, the hack wasn’t exactly newsworthy for us (we’re just an Android blog), as LastPass said that a hacker merely gained access to a developer test environment and some source code. Detailed in a blog post this week, new information is being released that is tied to a hack that took place earlier this year. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |