LastPass says hackers stole customers' password vaults

The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company.LastPass has lost a copy of customers' encrypted password data to a hacker, who recently breached the company's systems. The hacker looted the password data by copying a "backup of customer vault data" from an encrypted storage container during the intrusion, LastPass said on Thursday.

The password vault is where people keep their passwords, so should the attackers find a way to decrypt the vaults, they'd be able to read all of the passwords saved in there.

LastPass said customers' password vaults are encrypted and can only be unlocked with the customers' master password, which is only known by the customer. But the company warned that the cybercriminals behind the intrusion "may attempt to use brute force to guess your master password and decrypt the copies of vault data they took."

Also stolen is "basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service," the company said.

For those worried their master password might be cracked, the best thing to do right now would be to change it to something more resilient. If you have reason to believe the contents of your vault might be compromised, then changing the passwords is the only way to stay safe (aside from setting up multi-factor authentication whenever possible).

Read more -here-

• Google, Meta, Apple receive FCC approval to tap into airwaves for VR and AR
• State-sponsored hackers are leveraging WinRAR bug
• Amazon launches drug delivery by drone
• Unpatched Zero-Day being exploited in the wild, Cisco warns
• Apple plans to update iPhones in-store without opening the boxes
• Microsoft just bought Activision Blizzard for $69 billion