I’ve been a LastPass user for many, many years, with hundreds of credentials stored there. This is my take on the LastPass story to this point… I’m sure there will be more to come. I wanted to see what a range of experts were saying about it before weighing in with my perspective. That’s why I didn’t post this article immediately after the most serious news broke about this breach. And in this case, it does seem like there were some inaccurate statements made by some “experts” on social media. One important thing to remember at times like this is that there may be a tendancy to “over-hype” the severity of the problem, and to jump to conclusions. Also, since most people use simple passwords, these managers allow them to have special characters and alphanumeric login codes that are hard to crack.My advice here is primarily based a summary story by Ars Technica that provides a good explanation with recommendations. Password managers have become an essential tool in this day and age, where remembering all the passwords for your digital accounts can be a nightmare.
However, he has assured customers that none of the passwords has been exposed in this breach, claiming that LastPass’s zero knowledge tech keeps them secure behind strong encryption.Īs he mentioned last time, Toubba said that the master password has not been exposed, and LastPass doesn’t have access to the password vault, which could put it at risk when incidents like these happen. The company is working to understand the scope of the incident, as Toubba explains. He did not elaborate on what details could have been possibly accessed. Toubba mentioned that it is possible that the hackers might have used the information they got from the previous hack to gain access and steal information from its customers. “We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement," Toubba said in a blog post on Wednesday.īack in August, LastPass informed about the first breach, through which hackers were able to steal sensitive data and the company’s source code. Touba explained that the company was alerted to some unusual activity in its third-party cloud storage service. The details of the breach were shared by CEO Karun Toubba, who said the company is investigating the second compromise of the password manager.
LastPass has reported another data breach this week, its second incident in 2022.
0 kommentar(er)
