Tux Machines

LastPass Cracked

Posted by Roy Schestowitz on Dec 24, 2022

Shows/Videos: Facial Recognition, Bad Advice Linux Users Give New Users, and Hackaday Podcast

Today in Techrights

LastPass Password Vaults Stolen By Hackers—Change Your Master Password Now

↺ LastPass Password Vaults Stolen By Hackers—Change Your Master Password Now

> LastPass CEO, Karim Toubba, has confirmed that a threat actor has stolen customer password vaults. This follows a disclosure in August that an unauthorized party had successfully hacked development servers and stolen source code and some LastPass technical information. At that time, Toubba said there was no evidence of customer data or password vaults being accessed. Fast forward to the end of November, and LastPass stated information obtained during that earlier compromise had enabled a threat actor to access "certain elements" of customer data within a third-party cloud storage service. Again, it was stressed that customer passwords remained "safely encrypted." In a Forbes report published December 1, a security expert explained it was unclear what information had been obtained by the attacker. Now, it would appear we know. And it doesn't make for very reassuring reading.

LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica

↺ LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica

> LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.

> The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager's development environment and "took portions of source code and some proprietary LastPass technical information." The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren't affected.

Hackers stole encrypted LastPass password vaults, and we’re just now hearing about it - The Verge

↺ Hackers stole encrypted LastPass password vaults, and we’re just now hearing about it - The Verge

> Last month, the company announced that threat actors had accessed “certain elements” of customer info. Just as many US workers are leaving for a holiday break, the company reveals that meant their encrypted passwords.

gemini.tuxmachines.org