LastPass hacked for the second time this year, customer data stolen by hacker


If you use LastPass as a secure password-managing service, things might not be as secure as you think. In August of this year, the password keeper disclosed that it had been breached, with an unknown hacker having gained access to LastPass' source code and proprietary data. At the time, the company stressed that customers were unaffected by the hack and that their data was safe. Now LastPass has had to announce that it has been hacked for a second time this year, and that in this incident, customer data has indeed been accessed and stolen.

According to an internal investigation, that same hacker used the data (cloud storage access and dual storage container decryption keys) from August to get ahold of a backup of LastPass customer data. This means that the individual was able to access billing addresses, telephone numbers, IP addresses, and email addresses saved to users' accounts. That isn't the end of the breach, though, because the hacker also copied a backup of vault data, which contains the most sensitive info: usernames, passwords, and saved form-field data. LastPass claims that no credit card data was accessed, as the service does not store complete credit card numbers and information.

While information like email addresses and telephone numbers was not encrypted, the password vaults were, with 256-bit AES encryption, requiring a special key in the form of a user's master password to access. So despite the hacker having this information, LastPass claims that the encryption would make it incredibly difficult to actually obtain the data from the customer vault. That being said, there is the potential for someone to either brute force the master password, or eventually decrypt the data.

The threat actor may also target customers with phishing attacks, credential stuffing, or other brute force attacks against online accounts associated with your LastPass vault. In order to protect yourself against social engineering or phishing attacks, it is important to know that LastPass will never call, email, or text you and ask you to click on a link to verify your personal information. Other than when signing into your vault from a LastPass client, LastPass will never ask you for your master password.

With all this in mind, LastPass says that there isn't a need to take action at this time, unless your master password was not as secure as recommended. This is just the latest in a string of numerous hacks that the password managing service has suffered over the past few years, with incidents taking place in 2015, 2017, and 2019, all resulting in customer data being accessed by hackers.

 

Kioku

Unhackable means that there is no place from which they can be hacked.
Other options are stateless passwords, dynamical passwords, generated on demand passwords.
I'd rather have a physical security key than the last two password options...
 

I_g_o_r

I'd rather have a physical security key than the last two password options...
physical security keys can be broken, stolen, damaged, confiscated, etc.

Some of them rely on encryption.
Researchers claim that they can break encryption with 372 qubits quantum computer
IBM has 433 qubits quantum computer
In 2023 IBM will have 1000 qubits quantum computer and promises 4000 qubits quantum computer in 2025.
 

Kioku

physical security keys can be broken, stolen, damaged, confiscated, etc.

Some of them rely on encryption.
Researchers claim that they can break encryption with 372 qubits quantum computer
IBM has 433 qubits quantum computer
In 2023 IBM will have 1000 qubits quantum computer and promises 4000 qubits quantum computer in 2025.
Nothing is "unhackable".. That's kind of the point, ain't it?

Also, what generates "on demand" passwords if not a physical device? Can that not be stolen? There are holes in virtually every security "solution"... Most 2FA can be circumvented just by taking someone's phone...
 