Joseph Henry, Tech Times

LastPass shares some of the details of the latest server breach that hit the company. According to the password manager creator, the leak is something that is serious to deal with and it's very bad to start with.

LastPass Reveals Details About December Hack

LastPass Highlights How Worse is the Latest Server Breach
(Photo : Pixabay from Pexels)
LastPass reveals that hackers have gained access to backup customer vault data during the most recent breach.

Just three days before Christmas, LastPass released a notice of a recent security incident regarding the breach that took over its storage service.

According to a report by Mashable on Monday, Dec. 26, the company mentioned in its initial investigation that the cybercriminals managed to enter the system and obtained access to the "development environment."

At that time, LastPass said that no password vaults were hacked. Since then, the company issued several updates for the breach. However, it was discovered that the threat actors might have obtained some information from the "backup customer vault data."

The third-party cloud-based database reportedly contains URLs, passwords, usernames, and other sensitive information that the users enter upon visiting a website.

LastPass added that the confidential fields can exclusively get decrypted by using the company's Zero Knowledge architecture. There's no way anyone can easily hack it without mastering this technology.

It Would Take Millions of Years to Decode a Password

Strengthening the privacy measure of an entity or a person is LastPass's priority. By relying on a 12-character master password, a person who wants to access the file could not easily hack it.

However, it's not the daily case for professional hackers who have enough tools to get through it. LastPass says that some actors make use of numerous combinations via a special software.

Moreover, LastPass also notes in its blog post that it would take millions of years for a person to guess the master password through the "generally-available password-cracking technology."

Still, it's always important to be wary of potential online threats that might be just lurking on the internet. LastPass reminds its customers to be extra careful when clicking suspicious links from unknown sources. 

Usually, these hackers send a malicious file in the form of phishing attacks and impersonate the company as a legit sender of the email.

Related Article: Password Manager 'LastPass' Confirms Hackers had Four Days of Internal Access to the Company's Systems

What LastPass Recommends to the Users

LastPass points out that customers have no actions to take at this time if they are using the default settings of the password manager.

To minimize the impact of the security breach, it's important for the customers to change their passwords stored in the storage. This applies to users who do not rely on the default settings.

LastPass also clarifies that the company does not send email or call the customers regarding their sensitive information such as password or username.

If ever you receive this kind of email in your inbox, refrain from clicking it because it might be a phishing scheme.

Read Also: LastPass Investigates Another Security Incident, Exposes Customers' Information

Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: LastPass Password Manager Cybersecurity Hacking Security Breach
Join the Discussion