But wasn’t there news of a LastPass hack earlier in the year? “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.Just days before Christmas, when most people probably weren’t paying too much attention, password management service LastPass revealed that hackers had accessed customers’ password vaults. “These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” LastPass CEO Karim Toubba had said. The vaults themselves are encrypted, however, meaning the crooks will not have such an easy time reading their contents. An initial investigation determined that the hackers managed to steal customer vaults, essentially databases containing all of their passwords.
LastPass first reported suffering a data breach in November 2022. The affected customers are being reached out to directly, Srinivasan confirmed.
The CEO also said the company is migrating affected accounts onto an enhanced Identity Management Platform to provide additional security and more robust authentication and login-based security options.
While all of the account passwords were salted and hashed “in accordance with best practices”, GoTo still reset the passwords (opens in new tab) of affected users, and had them reauthorize MFA settings, where possible. > LastPass is being sued following major cyberattack > LastPass confirms customer password vaults were stolen
Check out the best business password managers today (opens in new tab)
0 kommentar(er)
