LastPass says hackers have a copy of customer data, warns of phishing attacks – Times of India

LastPass, the password manager that enables its customers to reduce the reuse of passwords online by storing them in a single app, has said hackers had access to, and now hold a copy of, customer data including names, email addresses, billing addresses and telephone numbers. The CEO of the company also says that the data is encrypted and that the threat actor could attempt to decrypt copies of the data and carry out phishing attacks.
LastPass CEO Karim Toubba says an investigation found that an unknown threat actor accessed a cloud-based storage environment in August of 2022. At the time, the company said no customer data was accessed, adding, however, that hackers stole some source code and technical information, which were used to target another employee.
The hackers then obtained certain credentials and keys that were used “to access and decrypt certain storage volumes within the cloud-based storage service.”

Which data was copied?
With the help of cloud storage access keys and dual storage container decryption keys, “the threat actor copied information from a backup that contained basic customer account information and associated details including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses from which customers were accessing the LastPass service,” the CEO said in a blog post.
“The threat actor was also able to copy a backup of Customer Vault data from an encrypted storage container that is stored in a proprietary binary format that contains unencrypted data, such as website URLs, as well as fully encrypted sensitive fields such as usernames and passwords, secure notes and form-filled data,” Toubba said.
According to LastPass, encrypted data is protected with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password.

Phishing attack threat
LastPass also warns that hackers may try to use “brute force” to guess the master password in order to decrypt their copies of the encrypted Vault data. “The threat actor could be targeting customers with phishing attacks, credential stuffing, or other brute force attacks against online accounts connected to your LastPass vault,” says Toubba.
LastPass also noted that they found no evidence that any unencrypted credit card data was accessed.
