Home » » LastPass confirms customer password vaults were stolen

LastPass confirms customer password vaults were stolen

No comments

The data breach incident that hit password manager LastPass earlier this year saw the thieves crooks steal encrypted password vaults belonging customers, the company has confirmed.

The password vault is where people keep their passwords, so should the attackers find a way to decrypt the vaults, they’d be able to read all of the passwords saved in there.

In an update published on the LastPass blog, CEO Karim Toubba said that the threat actors used cloud storage keys stolen from a LastPass employee to access and exfiltrate customer vault data. The data stolen is a combination of encrypted intelligence - password vaults, and unencrypted information - vault-stored web addresses, names, email addresses, phone numbers, and in some cases - billing information.

Master password secure

The good news is that the password vaults are stored in a “proprietary binary format”, meaning that it’s close to impossible to actually read the contents. For that, the attackers would need the customer’s master password, which no one but the user (hopefully) knows. LastPass claims not to know this info. 

“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” Toubba said. “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.”

Read more

> These are the best ID theft protection tools around

 > Here's our LastPass review

 > LastPass hacked: Should you be worried about your passwords?

Still, the company warned cybercriminals “may attempt to use brute force to guess your master password and decrypt the copies of vault data they took,” which could be a problem if the users created weak and easy-to-guess master passwords. 

For those worried their master password might be cracked, the best thing to do right now would be to change it to something more resilient. If you have reason to believe the contents of your vault might be compromised, then changing the passwords is the only way to stay safe (aside from setting up multi-factor authentication whenever possible). 



from TechRadar - All the latest technology news https://ift.tt/hPUJQpC
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us