“After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults,” it said.

The company had determined, however, that an unauthorised party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.

Today, it confirmed things are actually a hell of a lot worse than it thought.

“Based on our investigation to date, we have learned that an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the incident we previously disclosed in August of 2022. While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.”

In a blog post detailing the extent of the breach, CEO Karim Toubba said LastPass has determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from a backup that contained basic customer account information and related metadata. This related metadata included company names, end-user names, billing addresses, email addresses, telephone numbers and the IP addresses from which customers were accessing the LastPass service.

Toubba said that customers’ password vaults, while accessed, are encrypted and can only be unlocked with the individual’s master password (not something LastPass stores).

“The threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took. Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices.”