To Innovation - Breaking Politics, Economics, Crypto & IT News

learn more
Reporting from Watford, UK and LA, US since 1996
learn more

LastPass hack was even bigger than initially thought



Service that offers to keep all eggs in one basket isn't exactly a wise idea



26.Dec.22 10:29 AM
By Abigail Richards
Photo Pinterest

   192

LastPass hack was even bigger than initially thought

Hackers who stole data from password manager LastPass last summer also captured encrypted passwords. The company announced this in a security update on Thursday.

LastPass discovered in August that source code and technical information from its software had been stolen. The theft allegedly occurred at an external storage service that the company used.

LastPass initially reported that no customer data or passwords were captured in the attack. Last month, it turned out that the hackers had stolen usernames, addresses, email addresses, phone numbers and IP addresses. Now it turns out that the hackers also had access to the password vaults via a detour.

According to LastPass, affected users do not have to worry about the passwords that have been stolen. These are encrypted and, according to the company, can only be decrypted with a so-called master password. This does not store LastPass, but users own it themselves.

The password manager does acknowledge that hackers could crack the passwords via a so-called brute force attack. A hacker then uses software that tries different combinations of login names and passwords.

But according to LastPass, cracking a master password set according to the password manager's guidelines and consisting of twelve characters would take millions of years. People who have a shorter password or use it elsewhere are advised to change it.

How many users have been affected is unclear. Users who have not had email should not worry, according to the password manager.



Back to the list


Related Information: