![]() ![]() The company has taken several steps to address the issue and provide security for its customers. ![]() However, LastPass advises customers to remain vigilant against brute force, credential stuffing, or other phishing attacks on accounts associated with their LastPass vaults. LastPass has assured its customers that it would be challenging for them to do so because of the encryption methods used to secure the data. The threat actor may attempt to guess customer master passwords using brute force to decrypt copies of vault data they obtained. The encryption key is derived from the user's master password via LastPass' Zero Knowledge architecture. The threat actor can only decrypt them with a unique encryption key. The data is stored in a proprietary binary format, and the encrypted fields are protected by 256-bit AES encryption. In addition to the unencrypted data, encrypted sensitive information, like usernames and passwords, secure notes, and form-filled. The threat actor copied a backup of the production data, including unencrypted data, such as URLs. However, the actor copied customer account information, including email addresses, company names, billing addresses, telephone numbers, end-user names, and IP addresses. This allowed the threat actor to obtain credentials and keys to access and decrypt storage volumes within the cloud storage service.Īccording to LastPass, the cloud storage service accessed by the threat actor is physically separate from the production environment. According to the company's investigation, a threat actor accessed the cloud storage environment in August 2022 with information obtained from an earlier incident.Īlthough the threat actor did not access customer data in the August incident, some source code and technical information were stolen and used to target another employee. LastPass, a popular password manager, announced that an unauthorized party accessed the company's archived backups of its production data on a third-party cloud-based storage service. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |