People in financial technology, software programming, and cyber security , and cryptocurrencies are talking about the Lastpass data breach that went public two days ago. The password management company detailed that a breach committed earlier this year allowed hackers to obtain a “backup of a customer’s vault her data.”
Lastpass reveals ‘attackers were also able to copy backups of customers’ Vault data’
December 22, 2022, password management company ‘s Lastpass revealed that an “unknown attacker” compromised the company’s cloud-based storage environment around August 2022. As soon as the news was published, the Lastpass data breachbecame a hot topic on social media. media and forums. Many believe that the situation at Lastpass “may be worse than we let it go.”
LastPass attackers now know every website where passwords are stored and blobs encrypted with only the master password https://t.co/Wdbt6mWe8C https://t.co/HldcJ8DYkK
— SwiftOnSecurity (@SwiftOnSecurity) Dec 22, 2022
Based on information obtained from a previously disclosed incident in August 2022 by an unknown threat actor in a cloud-based storage environment,” Lastpass revealed. The password management company added:
The attacker has encrypted storage in his container that contains unencrypted data stored in a proprietary binary format. From there, he could also copy a backup of his data to the customer’s vault. It includes not only website URLs, but also fully encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.
Lastpass uses the company’s zero-knowledge architectureto determine each user’s master password, where encrypted fields are protected with 256-bit AES encryption. It claims that information can only be decrypted by leveraging it. “As a reminder, his Master Password is never known to, nor is it stored or maintained by, Lastpass,” the company details.
Shortly after Lastpass was hacked and a large number of cryptocurrency wallets were compromised and leaked
“Be your own bank”
No bricks Go Invade & Mortar Establishment, if you want my money geek go for it
— gainzy (@gainzy222) Dec 24, 2022
t seems to convince many critics
but many reports think the situation is worse than Lastpass allows. ing. Reviewgeek.com’s Andrew Heinzman emphasizes in his report, “Stop using Lastpass.” “Even with a strong master password, hackers can still try to phish information from you,” Heinzman wrote. The author added:
For clarity, Lastpass is still investigating this data breach. And after four months of “sorry, it’s worse than we thought,” he’s right to worry that Lastpass doesn’t include all the details. As far as we know, things could get worse. We asked readers to stop using Lastpass in July 2020.
Crypto proponent Udi Wertheimer told people that using Lastpass “attackers probably have a copy of your vault.” I warned you. Wertheimer’s recommendation is the same as her Heinzman recommendation, and digital currency advocates argued that users should “stop using Lastpass.”
“We don’t know how bad things are,” Wertemer added. Don’t change it back to Lastpass.” Additionally, a Twitter user who claimed to have worked as an engineer for the company seven years ago also said that the Lastpass breach situation is a big deal.
“I worked as an engineer at Lastpass a long time ago. Over 7 years ago. I’ll give you my two cents for this situation,” said an individual . is the worst breach Lastpass has experienced.A lot.The main difference is that this time we accessed the customer’s vault which is stored in a completely separate database.”
Image Credits: Shutterstock, Pixabay, Wiki Commons