LastPass hacked again - Is it time to say goodbye?
One of the big names in password managers, LastPass, was breached last August. At the time, the company claimed that no user data was compromised.
An update in December revealed the hackers then launched a phishing campaign against a LastPass employee, obtaining credentials and keys they used to decrypt some basic customer data, but passwords or usernames remained safe.
Are you still reeling from those past attacks? LastPass just shared some more bad news. If you’re a customer, you will want to read this.
Popular password manager hacked again
In a post titled “Incident 2 – Additional details of the attack,” LastPass announced that the second attack was more damaging than initially thought. The following is a timeline of events.
The first attack
In August, LastPass announced that a threat actor gained unauthorized access through a single compromised developer account. The hacker stole encrypted LastPass credentials, source code and proprietary LastPass technical information.
LastPass said customer data was safe, as the decryption keys can only be retrieved from the following:
- Closely guarded on-premises data centers.
- A highly restricted set of shared folders in a LastPass password manager vault used by just four DevOps engineers for administrative duties.
This attack concluded on Aug. 12, 2022.
The second attack
The hackers then launched a phishing campaign against an employee, obtaining credentials and keys, which they used to access and decrypt storage volumes within the cloud-based storage service.
How to start using a password manager
With all the malware, spyware, phishing scams and data breaches out there, you can never be too safe. As long as your devices are connected to the internet, you’ll constantly be exposed to cybercriminals.
While it’s convenient to create an easy-to-remember password and use it across your accounts, this is a big mistake. A crook needs only access to that one password to make things difficult for you. Tap or click here to check out password mistakes Americans are making.
Password managers: Are they safe to use?
We get it. It is easy to remember a password based on your favorite pizza topping. You can wield it across your accounts without the need for a reminder. However, this ease of use poses a security risk as dark forces look to pick up on your culinary tastes and get access to your data.