Skip to main content

LastPass confirms customer password vaults were stolen

The data breach incident that hit password manager LastPass earlier this year saw the thieves crooks steal encrypted password vaults belonging customers, the company has confirmed.

The password vault is where people keep their passwords, so should the attackers find a way to decrypt the vaults, they’d be able to read all of the passwords saved in there.

In an update published on the LastPass blog, CEO Karim Toubba said that the threat actors used cloud storage keys stolen from a LastPass employee to access and exfiltrate customer vault data. The data stolen is a combination of encrypted intelligence - password vaults, and unencrypted information - vault-stored web addresses, names, email addresses, phone numbers, and in some cases - billing information.

Master password secure

The good news is that the password vaults are stored in a “proprietary binary format”, meaning that it’s close to impossible to actually read the contents. For that, the attackers would need the customer’s master password, which no one but the user (hopefully) knows. LastPass claims not to know this info. 

“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” Toubba said. “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.”

Still, the company warned cybercriminals “may attempt to use brute force to guess your master password and decrypt the copies of vault data they took,” which could be a problem if the users created weak and easy-to-guess master passwords. 

For those worried their master password might be cracked, the best thing to do right now would be to change it to something more resilient. If you have reason to believe the contents of your vault might be compromised, then changing the passwords is the only way to stay safe (aside from setting up multi-factor authentication whenever possible). 



Source: TechRadar

Popular posts from this blog

The hidden cost of food delivery

Noah Lichtenstein Contributor Share on Twitter Noah Lichtenstein is the founder and managing partner of Crossover , a diversified private technology fund backed by institutional investors, technology execs and professional athletes and entertainers. More posts by this contributor What Studying Students Teaches Us About Great Apps I’ll admit it: When it comes to food, I’m lazy. There are dozens of great dining options within a few blocks of my home, yet I still end up ordering food through delivery apps four or five times per week. With the growing coronavirus pandemic closing restaurants and consumers self-isolating, it is likely we will see a spike in food delivery much like the 20% jump China reported during the peak of its crisis. With the food delivery sector rocketing toward a projected $365 billion by the end of the decade, I’m clearly not the only one turning to delivery apps even before the pandemic hit. Thanks to technology (and VC funding) we can get a ri

Technics EAH-AZ60 review: Contending in stunning fashion

Technics serves notice that everyone should notice these earbuds. Technics ventured into the wireless earbuds category to go after the big dogs in the race. Think of the likes of Sony, Bose, and Sennheiser on sound quality, as well as the best you can find on design and functionality. It's a combination that comes at a price, but if done right, it gets easier to justify spending more. That's the case Technics makes with its EAH-Z60 earbuds. Its newest pair aims to take what the company has done in the past and make it even better. The results are easy to like and are significant enough to consider them as serious contenders. Technics EAH-AZ60 review: Price and availability What's good What's not good The competition Should you buy? At a glance Technics EAH-AZ60 Bottom line: Technics didn't just do one thing right with the EAH-AZ60. It covered almost the whole gamut of what makes wireless earbuds feel and sound exceptional. As a result, the p

iOS 14 Favorites Widget: How to Make a Replacement With Shortcuts

In iOS 14 , Apple overhauled widgets and introduced an option for adding ‌widgets‌ to the Home Screen , but in the process, a well-loved Favorites widget that existed in iOS 13 was removed. The Favorites widget let users set certain contacts and contact methods as favorites that were easily accessible, so you could, for example, add a favorite option for messaging Eric or calling Dan, with those actions executed with a tap. Why the Favorites widget was removed is a mystery and it could be a simple oversight with Apple planning to reintroduce it later, but for now, those who relied on the widget can recreate its functionality with Shortcuts. It takes some effort, but it may be worth the time investment if you often relied on your Favorites. Creating a Favorites Shortcut Making a shortcut that replicates the behavior of the Favorites widget isn't too tough, but if you want multiple favorite options, you'll need to create a separate shortcut for each one in the Shortcuts

Top Stories: Apple Event Preview, iPad Pro With M4 Chip Rumor, New Beats Headphones, and More

It's been a long time since the last one, but an Apple event is finally right around the corner! While it's anticipated to be a fairly short pre-recorded affair, we're expecting to see the first updates to the iPad lineup in over a year and half, so make sure to tune in to see what Apple has in store. Other news and rumors this week included a couple of product introductions from Apple's Beats brand, a roundup of rumors about updates to Apple's stock apps coming in iOS 18, and more changes to Apple's policies in the EU related to the Digital Markets Act, so read on below for all the details! What to Expect From the May 7 Apple Event Apple's first event of 2024 kicks off on Tuesday, May 7, at 7 a.m. Pacific Time, and we've put together our usual pre-event guide outlining what we're expecting to see on Tuesday. Several new products are expected to be unveiled, including two new iPad Pro models, two new iPad Air models, an updated Apple Pencil,