It also doesn’t help that LastPass’s blog post doesn’t cut to the point straight away, going on about the history of the attack in the first few paragraphs rather than saying that vaults have been obtained at the top. Many IT departments in charge of companies' password security might already be on vacation, and private users could be more concerned about visiting family than their passwords. The revelation that LastPass vaults were obtained by hackers came at an inconvenient time, with the company releasing details just a few days before Christmas. LastPass or any of the services you use will never reach out to you and ask you to confirm your password. With website URLs leaked, hackers could try to use phishing to get access to individual accounts interesting to them. You should still be wary of phishing attempts trying to extradite your master password from you, though. With a good password, it could take hundreds or even millions of years to get the right combination. However, with the vaults now in the hands of hackers, it’s possible they could use brute force to guess the right password.Īs long as you never reused your password and followed LastPass's best practices for password creation, the company says you should be safe.
This data is protected by users’ master passwords, which LastPass doesn’t store on any of its own servers. LastPass says that while these copies include some unencrypted fields, like website URLs, other sensitive information such as usernames and passwords are encrypted. However, the hackers then used this data to compromise the account of a LastPass employee, and they were subsequently able to obtain backup copies of user vaults. Back then, LastPass said that user data was unaffected and that the hackers only gained access to a testing environment. The revelation is related to the August incident, where hackers stole LastPass source code and further data. LastPass published a blog post detailing the incident ( via TechCrunch).
0 kommentar(er)
