11/19/2023 0 Comments Is lastpass still safeLastPass' best practices regarding master password use may protect customer data against brute force attacks, as it recommends passwords with at least 12 characters and a mix of numbers, letters and special characters. While most of the vault data is encrypted, all that stands between access is the master password.Ī weak master password is broken easily with brute force attempts. Not only did they manage to obtain customer data, such as names, phone numbers and email addresses, they also managed to obtain customer vault data. The attacker managed to obtain a treasure trove of information during the hack. Complete Credit Card numbers are not stored and the company does not archive Credit Card information in the cloud storage environment. Unencrypted Credit Card information was not accessed, according to LastPass. The master password is not stored by LastPass, which means, that the attacker could not obtain it. These are encrypted with 256-bit AES encryption according to LastPass, but may be brute forced by the attacker to gain access to user vaults. Even worse, the data includes encrypted fields that contain a customer's usernames and passwords, secure notes and form-fill data. Unencrypted data includes website URLs but also metadata, including "company names, end-user names, billing addresses, email addresses, telephone numbers" and IP addresses of customers when they access LastPass. This data includes unencrypted and encrypted data. A new blog post on the official company blog confirms that the attacker was able to "copy a backup of customer vault data". Today, LastPass confirmed that the hack has been serious.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |