Tag: lastpass
Daily Crunch: Hackers pinched LastPass customers’ encrypted password vaults, parent company admits
Hello, friends, and welcome to Daily Crunch, bringing you the most important startup, tech and venture capital news in a single package.
Daily Crunch: Hackers pinched LastPass customers’ encrypted password vaults, parent company admits by Christine Hall originally published on TechCrunch
The LastPass Scandal Shows It’s Time to Leave Passwords Behind
If you’ve been following the LastPass data-leak scandal, you know something is terribly wrong with internet security. Passwords have never been an ideal solution to access your accounts, but it’s the best we’ve come up with since the 1960s. We’re well into the 21st century. It’s time to move on.
Read This Article on Review Geek ›
LastPass Slammed Over Hacked Password Security Claims
Password manager LastPass has been embroiled in a data-leak scandal, with each update worsening the situation. In its most recent post, the company assured users their passwords were safe so long as they followed LastPass’s guidelines. Today, competitor 1Password released a scathing rebuttal.
Read This Article on Review Geek ›
The LastPass disclosure of leaked password vaults is being torn apart by security experts
Last week, just before Christmas, LastPass dropped a bombshell announcement: as the result of a breach in August, which lead to another breach in November, hackers had gotten their hands on users’ password vaults. While the company insists that your login information is still secure, some cybersecurity experts are heavily criticizing its post, saying that it could make people feel more secure than they actually are and pointing out that this is just the latest in a series of incidents that make it hard to trust the password manager.
LastPass’ December 22nd statement was “full of omissions, half-truths and outright lies,” reads a blog post from Wladimir Palant, a security researcher known for helping originally develop AdBlock Pro, among…
LastPass Data Breach: It’s Time to Ditch This Password Manager
LastPass breach: it’s worse than initially thought
In the original report about the data breach incident discovered in August, LastPass said that “only” the company’s source code and proprietary information were compromised. Users’ data and passwords remained safe and unsoiled. Now, a follow-up security notice on that same incident is saying otherwise: the malicious actors were able…
LastPass confirms hackers stole customer data from cloud storage
The stolen data includes website usernames and passwords, but LastPass said this sensitive information is encrypted and cannot be easily accessed.
Read more: LastPass confirms hackers stole customer data from cloud storage
LastPass: Hackers Stole Customer Vault Data In Cloud Storage Breach
“The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” Toubba said today. “The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”
Fortunately, the encrypted data is secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password. According to Toubba, the master password is never known to LastPass, it is not stored on Lastpass’ systems, and LastPass does not maintain it. Customers were also warned that the attackers might try to brute force their master passwords to gain access to the stolen encrypted vault data. However, this would be very difficult and time-consuming if you’ve been following password best practices recommended by LastPass. If you do, “it would take millions of years to guess your master password using generally-available password-cracking technology,” Toubba added. “Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.”
Read more of this story at Slashdot.
Hackers stole encrypted LastPass password vaults, and we’re just now hearing about it
LastPass has a doozy of an updated announcement about a recent data breach: the company — which promises to keep all your passwords in one, secure place — is now saying that hackers were able to “copy a backup of customer vault data,” meaning they theoretically now have access to all those passwords if they can crack the stolen vaults (via TechCrunch).
If you have an account you use to store passwords and login information on LastPass, or you used to have one and hadn’t deleted it before this fall, your password vault may be in hackers’ hands. Still, the company claims you might be safe if you have a strong master password and its most recent default settings. However, if you have a weak master password or less security, the company…