Unsolved
10 Elder
•
44.4K Posts
0
317
LastPass hack - Updated - again
LastPass reported about being hacked last August, but a new update (12-22-22) from the company now says that a cloud-based storage facility had been penetrated.
While encrypted fields remain secured with 256-bit AES encryption, the hackers may attempt to use "brute force to guess your master password and decrypt the copies of vault data they took."
~3% of LastPass Business customers have been contacted to recommend they take certain actions based on their specific account configurations.
Read the new update about steps LastPass has taken, and will take, to ensure everything is secure, and be sure to follow their recommendations so your master password complies with their best practices policy.
RoHe
10 Elder
10 Elder
•
44.4K Posts
1
February 28th, 2023 16:00
Another update...
Apparently, the second LastPass hack attack was worse than they previously thought.
Hackers stole info during the first attack that allowed them to access a "senior DevOps" employee's home computer which enabled remote code execution capability and allowed them to plant keylogger malware.
The hacker was then able to capture the employee’s master password as it was entered on the home PC, and after the employee authenticated with MFA, it gave them access to the DevOps engineer’s LastPass corporate vault.
So the hacker activity went undetected because it appeared to be legitimate activity by that employee who had elevated access...
If you use LastPass, this may be the time to change all your passwords stored on LastPass and change your LastPass master password too...
Read more here...