![]() “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass. “These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” LastPass CEO Karim Toubba had said. The vaults themselves are encrypted, however, meaning the crooks will not have such an easy time reading their contents. However, the company said that it had engaged a leading cybersecurity and forensics firm, and its investigation was ongoing. An initial investigation determined that the hackers managed to steal customer vaults, essentially databases containing all of their passwords. LastPass claimed that the breach was limited to their development environment, and that no customer information or users’ password vault data had been compromised. On Wednesday, LastPass announced it was investigating the. LastPass first reported suffering a data breach in November 2022. The data breach LastPass suffered in August enabled a hacker to infiltrate the company again and steal customer information. In 2022, the password manager LastPass indicated being victim of a security breach multiple times, and unfortunately hackers obtained user information. The affected customers are being reached out to directly, Srinivasan confirmed. The CEO also said the company is migrating affected accounts onto an enhanced Identity Management Platform to provide additional security and more robust authentication and login-based security options. While all of the account passwords were salted and hashed “in accordance with best practices”, GoTo still reset the passwords (opens in new tab) of affected users, and had them reauthorize MFA settings, where possible. > LastPass is being sued following major cyberattack ![]() > LastPass confirms customer password vaults were stolen LastPass CEO Karim Toubba announced Wednesday that the company detected. ![]() ![]() Check out the best business password managers today (opens in new tab) LastPass, a major password manager, says it has suffered its second breach in three months by the same unauthorized party. ![]()
0 Comments
Leave a Reply. |