Lastpass published the investigation update on the attack made this autumn.

Lastpass published the investigation update on the attack made this autumn

Earlier this year, Lastpass was attacked twice. The first incident happened in August - we posted available information about the incident and its investigation in our blog posts. Then, in autumn, the attacker tried again, using the information gathered during the first attempt. The LastPass CEO Karim Toubba shared some detail regarding the incident in a recent blog post.

According to his report, the attacker obtained the cloud storage access key and dual storage container decryption keys and then copied information from a backup. This backup contained customer information, including company names, user names, billing addresses, email addresses, phone numbers, and client IP addresses. In addition, the attacker copied a backup of customer vault data that contains unencrypted URLs and encrypted sensitive fields (usernames, passwords, secure notes, and form-filled data).

LastPass emphasized that the encrypted data is protected with 256-bit AES encryption, so it can only be decrypted using the user’s master password. So, it is important to keep your password secret and avoid using it or writing it anywhere except your LastPass client.

In addition, it is recommended to minimize the risk by updating the passwords to websites stored in LastPass.

Image Credit: Photo by FLY:D on Unsplash

Reading next

Venia PWA Storefront
Shopify released the list of eCommerce trends for 2023

Interested in a specific business & technology topic and looking for an article in our blog but haven't found one yet?

If you haven't come across an article that matches your query, feel free to suggest the topic to us, and we'll consider featuring it in our blog. Share your suggestion in the form below, and we'll be sure to review your request.

Talk with us

If you have any questions or problems in your business that can be solved with technical solutions, just let us know. We'll do everything we can to help you.