Hackers hit LastPass again! This is the second hack in less than a year for the password manager. The attackers reportedly succeeded in accessing user data and stealing sensitive information. Despite LastPass's efforts to enhance security, the hackers managed to find a loophole and get into the system.
It is important that users take extra steps to ensure that they are protected against computer attacks. The number of these people is constantly increasing.
The password manager's management has carried out an investigation to determine whether the hackers succeeded in accessing this sensitive data or simply attempted to. The results of this investigation will be released soon.
The platform was keen to reassure its users that their passwords are safe from malicious threats. It has put in place measures to protect personal data against attacks and fraudulent e-mails.
This is yet another blow to LastPass and its parent company GoTo.
The third-party cloud service was not named, but rumors suggest that it is Amazon's cloud.
On November 30, LastPass said it detected "anomalous activity" at the cloud storage service.
The attackers may have accessed customer information, but CEO Karim Toubba remains vague. The amount of data involved remains unknown for now.
The company would like to reassure its users and states: "Our customers' passwords remain encrypted and secure thanks to the Zero Knowledge architecture".
GoTo and LogMeIn also hacked?
The breach reportedly originated from a storage service shared by both companies.
GoTo, formerly known as LogMeIn, acquired LastPass in 2015. The platform therefore explained that it was also conducting its own investigations, as there is no doubt that its own customers (of GoTo and LogMeIn) may also have been affected by the attack.
The Zero Knowledge method ensures that only users can read the information they store in their vaults.
LastPass also said it has enlisted the help of cybersecurity specialist Mandiant as part of its risk management program and notified law enforcement of the malicious access.
"As always, we will keep you updated as soon as we know more," the company added.
Karim Toubba nevertheless specified in a blog post that "customer passwords remain securely encrypted".
Exploiting the attack of others
This is the second time the password manager has been hacked in 2022. This time, the hackers took advantage of a data theft dating back to last August. The intrusion into the application's source code was made possible by the fraudulent use of a developer's workstation. However, LastPass keeps its development and production environments separate for obvious security reasons. This limits the possibility of large-scale damage.
However, loopholes are still likely to occur.
The major problem that most password managers face is that data is stored online, making it more easily accessible to hackers.
The hackers reportedly had access to confidential data
According to the latest information, the password storage company now says that the hackers were able to copy backups of customer vault data. In other words, they are likely to have access to more items. LastPass says that customers who have a strong master password with up-to-date default settings are safe. Conversely, the platform advises those with less secure passwords to change them.
The unencrypted data are probably the most worrisome. This is because they contain URLs, which can give hackers an idea of which sites users have accounts on. This information can be dangerous when combined with phishing or other types of attacks if they decide to target specific users.
LastPass said the vault backups were not initially compromised last August.
Threat actors have used the information from this breach to attack employees who had access to third-party cloud storage services. This includes items such as the company name, user name, billing address, email address and phone number, as well as the IP address from which the customer accesses the LastPass service. Toubba said the company is taking precautionary measures in response to the initial and secondary breaches that exposed the backups.
That's why Legapass thought that data storage should absolutely remain offline.
Thus, we are able to ensure absolute protection of your accesses until they are returned, since they are kept in safes disconnected from the internet (and therefore offline).
➡️ Your confidential codes are protected by a high level of security, thanks to our "zero access" architecture.
➡️ Your data is encrypted as soon as it is saved and remains confidential until it is transmitted to your heirs.
So don't wait any longer to open an account!