Password manager with 25MILLION users breached in mysterious cyber attack

ONE of the world’s most popular password managers has been hacked by cyber crooks.

LastPass, which has 25million users, confirmed the breach on Monday, although user data was apparently not affected.

One of the world's most popular password managers has been hacked

1

One of the world’s most popular password managers has been hackedCredit: Getty

That means the millions of passwords stored on the service were not accessed by the attackers, according to the company.

Instead, source code and “proprietary technical information” was pinched in the breach, LastPass CEO Karim Toubba said.

That’s not great news for the company itself and could open it up to further cyber attacks in future.

I’m a primary school teacher…the things I can’t stand kids bringing to school
I doubled my annual income thanks to my side hustle and made £99k in a year

However, it means that its users’ passwords are safe for now.

That’s thanks to the fact that users’ master passwords are never stored on the company’s servers.

Those are the credentials that people use to access their LastPass accounts.

“LastPass can never know or gain access to our customers’ master password,” Toubba said.

“This incident did not compromise your master password.”

As such, LastPass says that no action is required by users in regard to their password vaults.

LastPass said that it has assigned a leading cybersecurity and forensics firm to investigate the matter.

It added that there is no evidence of further malicious activity.

Password managers have rocketed in popularity in recent years, with Apple, Google and other tech giants all operating their own versions.

They make it easy to use unique strong passwords across multiple accounts, which is a key first step to staying secure online.

However, their rising popularity has made the services a big target for hackers.

Breaking into a password manager’s servers could theoretically give attackers access to every password to your accounts.

Experts advised LastPass users to activate multi-factor authentication (MFA) settings to ensure that their accounts are safe.

That adds an extra layer of security by requiring you to type in, for example, a code sent by text or email whenever you log in to your account.

Tom Davison, a mobile security expert at cyber firm Lookout, told InformationSecurityBuzz: “It does not appear that user data or password vaults have been compromised in this case, however source code was confirmed stolen and attackers will be looking hard for potential weaknesses to exploit.

“LastPass users should stay vigilant, follow the news and watch for any unusual activity or login notifications across their accounts.

I’m a primary school teacher…the things I can’t stand kids bringing to school
I doubled my annual income thanks to my side hustle and made £99k in a year

“It is really important to configure all of the available MFA settings provided by LastPass, including the use of an authenticator app to secure logins.

“For most users, additional MFA confirmations will be done via a mobile device – it is vital that this is secured too.”

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]


For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.