LastPass' latest data breach exposed some customer information
source link: https://www.theverge.com/2022/11/30/23486902/lastpass-hackers-customer-information-breach
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
LastPass' latest data breach exposed some customer information
/CEO Karim Toubba says hackers didn’t gain access to users’ stored passwords, but disclosed this breach happened using information taken back in August.
By Emma Roth
Share this story
If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.
:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/23318435/akrales_220309_4977_0232.jpg)
LastPass has experienced another data breach, but this time, it exposed user data. According to a post from LastPass CEO Karim Toubba, hackers accessed a third-party cloud storage service used by the password manager and were able to “gain access to certain elements” of “customers’ information.”
It’s still not clear what information hackers got access to or how many customers were affected, but Toubba says that users’ passwords weren’t compromised.
“Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” Toubba writes, citing the company’s policy that means only the user knows their master password, with encryption that occurs only at the device level and not server-side.
This comes just months after LastPass confirmed that hackers had stolen some of its source code in August and had access to LastPass’ internal systems for four days before getting detected. It looks like this new attack is connected, as Loubba says it determined that hackers gained access to user data “using information obtained in the August 2022 incident.”
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Toubba says, adding that the service remains “fully functional” despite the breach. The company has launched an investigation into what went wrong and said it has also notified law enforcement.
Recommend
-
11
August 18, 2021
-
9
LastPass confirms breach, says user data is safe...
-
4
A security incident was detected earlier this month
-
10
Samsung experienced a security breach that exposed the data of its U.S. customers Some Samsung U.S. customers might have gotten a rude awakening this morning as the firm began n...
-
5
LastPass confirms another security breach, customer data accessed this time...
-
4
The LastPass security breach that occurred back in August did allow attackers to access customer...
-
11
LastPass user information exposed in data breach These incidents aren't filling customers with confidence By
-
9
LastPass: Hackers Stole Customer Vault Data In Cloud Storage Breach Do you develop on GitHub? You can...
-
14
Yes, It’s Time to Ditch LastPassThe password manager’s most recent data breach is so concerning, users need to take immediate steps to protect themselves.
-
7
LastPass breach update: The few additional bits of information Half a year after the LastPass breach started in August 2022, informatio...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK