LastPass is a password manager that stores usernames and credentials in ‘vaults’. In August of this year, LastPass reported an incident where a third party accessed the development environment without affecting the database, but unfortunately, LastPass confirms that the attacker stole part of the code to access the information stored in the cloud.The cybercriminal made a copy of the existing backup, moreover, said duplicate contained basic user information. Among the stolen data were usernames and companies, billings, emails, IP addresses and phone numbers. Although the data is protected with 256-bit ‘AES’ encryption, hackers accessed unencrypted and sensitive data (such as website usernames, passwords, secure notes, and completed forms).
LastPass says there is “no evidence” that any unencrypted credit card data was accessed, and says its system doesn’t store full numbers. On the other hand, Karim Toubba (CEO of LastPass) explains that they “routinely test the latest password cracking technologies against their algorithms to improve cryptographic controls“.Toubba warns that the cybercientists could launch attacks phishing to try to decrypt the stolen data that they cannot access due to the protection system.
The password manager stresses that it will never contact its customers via phone calls, emails, or text messages to verify personal information via a link. He also encourages users to change master password to avoid possible cyberattacks. Sign up for our newsletter and receive the latest technology news in your email.