Hackers stole users’ password vaults, according to LastPass

Unfortunately, the security issue that LastPass disclosed in August is far more severe than first assumed. According to LastPass, hackers were able to access encrypted client password vaults and other data by using information stolen in the prior attack.

The newest update from the password manager states that hackers were able to “download a backup of client vault data from the encrypted storage container,” which included both plaintext information like links and password-protected fields like login credentials, secure notes, and pre-filled forms.

According to an August statement from LastPass, no client information was lost despite hackers gaining access to the company’s development environment. Some months later, the corporation admitted that “some aspects” of client data had been compromised.

The account of a LastPass developer was compromised after malicious actors acquired access to the company’s source code and other technical data. The breach led to the hackers stealing encrypted copies of user password vaults.

The encrypted password vaults will protect users’ data from hackers since only the account owners know the master passwords. LastPass’s Zero Knowledge design means that even the company itself does not know your master password.

On the other hand, LastPass has issued a warning to its users that the hackers “may try to use brute force to guess your master password and decrypt the copies of vault data they obtained.” Given that the vaults storing the passwords are probably already in the hands of the bad guys, this is not surprising.

In addition to the password vaults, the hackers acquired access to a goldmine of other data, such as names, email addresses, phone numbers, and even some billing information. Users are at risk of having their compromised LastPass accounts used in “phishing attempts, credential stuffing, or other brute force attacks on online accounts.”

This security issue serves as a timely reminder that no password manager is completely impenetrable. Don’t use the same password for every account you have online. After an incident like this, LastPass suggests you change your master password immediately and use it only with LastPass. Ideally, you should replace your existing LastPass master password with a completely new one and use two-factor authentication to further fortify your account security.