LastPass was the target of a hacker attack in early December in which customer information was lost. Now the company is revealing more details.
LastPass, the world’s hugely popular password manager, has become the target of a hacker attack – again. It was only in August that hackers gained access to the company’s developer tools. The provider assures that no customer information was lost in the process.
At the beginning of December, i.e. already about three weeks ago, a second attack was reported, which was only possible on the basis of the scammed information from August. This time, certain customer information was stolen
What exactly was stolen?
The certain customer information
is the following data:
- Company names
- User names
- Invoice addresses
- Email addresses
- IP addresses
- Phone numbers
- Website URLs
- Encrypted website passwords and usernames (256-bit AES)
LastPass assures that no payment information, such as credit card numbers, has been stolen However, as can be seen, the stolen data is quite explosive and communication to customers is being questioned
The backup that the hackers copied also contains usernames and passwords for websites, but these are heavily encrypted and should be secure. The master password is not stored at LastPass, but it does not preclude the hackers from trying to guess it from the other stolen data.
Furthermore, with the data, the attackers are able to launch phishing attacks on customers and impersonate LastPass, for example, in order to obtain the master password.
What should you do as a customer?
If you use a secure master password on LastPass, your data should be safe because, according to the company,it would take millions of years
to guess one. If you use a less secure password and you also use it on other websites, then it is strongly recommended that you change all passwords for the saved websites as soon as possible
As for phishing attacks: LastPass will never ask you for your master password or ask you to match private data. How such a phishing scam can go down and what you can do about it!
The high popularity of LastPass unfortunately makes it a popular target of such attacks. Its competitors have had far fewer security issues reported in the past. For those who want to switch, here are five alternatives:
Do you use a password manager yourself or do you have security concerns about it? Write us your opinion in the comments