The LastPass hack was worse than the company first reported | Engadget

After being hacked for the second time in as many years this August, password manager app LastPass announced on Thursday that the most recent intrusion was much more damaging than initially reported, with the attackers having made off with users’ password vaults in some cases. That means the thieves have people’s entire collections of encrypted personal data, if not the immediate method to unlock them.

“No customer data was accessed during the August 2022 incident,” LastPass CEO Karim Toubba explained. However, some of the app’s source code was lifted and then used to spearphish a LastPass employee into giving up their access credentials. The attackers then used those keys to decrypt and copy off “some storage volumes within the cloud-based storage service.”

The encrypted data obtained by the hackers included basic customer account information like company names, billing, email and IP addresses, and telephone numbers, Toubba continued. “These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” Toubba said. “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.”

Still, you’re going to take the company’s word for it? I’m not. It’ll be a pain, but swapping out all of your various existing site passwords for new ones — as well as picking a new master password — might ultimately prove necessary to regain your online security. Or you could just tell LastPass to go kick rocks and switch over to 1Password or Bitwarden.
