People involved in financial tech, software programming, cyber security, and cryptocurrencies have been talking about the Lastpass data breach that was disclosed two days ago. The password management company detailed that a breach, committed earlier this year, allowed hackers to obtain a “backup of customer vault data.”
Lastpass Reveals ‘Threat Actor Was Also Able to Copy a Backup of Customer Vault Data’
On Dec. 22, 2022, the password management firm Lastpass disclosed that an “unknown threat actor” managed to breach the firm’s cloud-based storage environment in or around Aug. 2022. As soon as the news was published, the Lastpass data leak has been a topical discussion on social media and forums. A great number of people believe that Lastpass’ situation “may be worse than they are letting on.”
LastPass attackers now know all websites you have passwords stored for and the blobs, encrypted only by your master password https://t.co/Wdbt6mWe8C https://t.co/HldcJ8DYkK
— SwiftOnSecurity (@SwiftOnSecurity) December 22, 2022
“Based on our investigation to date, we have learned that an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the incident we previously disclosed in August of 2022,” Lastpass disclosed. The password management company added:
The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.
Lastpass insists the encrypted fields are secure with 256-bit AES encryption and the info can only be decrypted by leveraging each user’s master password using the firm’s zero-knowledge architecture. “As a reminder, the master password is never known to Lastpass and is not stored or maintained by Lastpass,” the company detailed.
lastpass gets hacked and immediately after a ton of crypto wallets are broken into and drained
“be your own bank”
nah go break into a brick & mortar establishment if you want my funds nerds, good luck
— gainzy (@gainzy222) December 24, 2022
Lastpass’ Security Reassurance Doesn’t Seem to Convince a Number of Critics
However, a number of reports believe that the situation is worse than Lastpass is letting on. Reviewgeek.com’s Andrew Heinzman stresses in his…
Click Here to Read the Full Original Article at Security Archives – Bitcoin News…