Contrary to what its officials announced in early December 2022, the hackers who attacked LastPass managed to seize the private data of certain users of the service.
Its leaders admitted at the beginning of December 2022, LastPass was the victim of yet another intrusion last August. The company reassured its users by saying that their passwords were safe, well encrypted on the platform’s servers. Its representatives nevertheless admitted yesterday that the attack was much more damaging than initially announced.
To read – Samsung is one of the most used passwords in the world and it’s a very bad idea
Karim Toubba, CEO of LastPass, provides an update on the situation: “No user data was stolen in August 2022. However, part of the application source code was copied and used to trick an employee and steal his identifiers. This allowed hackers to copy and steal storage volumes from the company’s servers.
LastPass Employee Got Tricked, Hackers Have Some Users’ Private Data
Hackers stole the encrypted data of some users of the service. These contain their basic information such as names, emails, phone numbers and other IP addresses. As a reminder, decrypt this encrypted data with the most secure symmetric encryption algorithm of the moment requires the use of a cryptographic key created from the personal password associated with a customer’s account. The latter is the only one to know about it, which complicates the task of the thieves.
To read – 5 tips to avoid having your passwords hacked
Even though cybercriminals don’t yet have the codes to successfully crack LastPass users’ private data, it may only be a matter of time before they gain access and exploit it. If you are a LastPass user, we advise you to change all your passwords registered on the service. If you have a lot of passwords, it is better to switch to another password manager as well. 1Password is the most commonly mentioned alternative.