Using third-party password managers like LastPass, sometimes thought to be more robust and secure than operating system password managers? Or would you rely on built-in primary providers of password management like Google, Apple, and Microsoft?

LastPass disclosed a security breach in August, and until this week, users still thought that their most sensitive information was protected. That made some consumers even more trusting of password managers: they thought that even in the case of a breach, personal data was safe with LastPass.

In the latest update revealed by LastPass this week, the company disclosed that the attack uncovered in August did actually reach the password vaults.

“The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”

In simple English, this means that the attackers got hold of personal data like websites that you had passwords saved for, and other identifiable consumer information, like IP addresses. But the most sensitive data, namely passwords and usernames, was fully encrypted, and therefore unusable by the attackers. That’s pretty bad, but it could have been worse.

In order to decrypt the encrypted passwords, an encryption key derived from the user’s master password is needed. LastPass does not save that master password, so in the meantime, your passwords should be safe as long as only you know the master key.

If your master password is not strong, hackers can try to brute force the system to compromise your master password. That shouldn’t be too hard for a seasoned hacker.

LastPass users should definitely change their master password and all passwords stored in their vault. It is highly recommended to use settings that exceed the LastPass default.