LastPass Data Breach Exposes Encrypted Password Vaults
- Dec 23, 2022
Popular password manager LastPass has had its customer data breached, with cybercriminals gaining access to encrypted password vaults. The company's CEO Karim Toubba confirmed the news in an updated blog post on the breach disclosure. In addition to password vaults, vast amounts of customer data such as names, email addresses, phone numbers and billing information were also taken by the criminals.
Customers’ password vaults are stored in a proprietary binary format containing both unencrypted and encrypted vault data. However, the technical and security details of this format were not disclosed. Fortunately, the passwords themselves remain secure, as they can only be unlocked with customers' master passwords, which are known exclusively to the customers. Unfortunately, this doesn't mean that cybercriminals won't try to guess these master passwords by brute force in order to decrypt the stolen copies of vault data they obtained from LastPass servers.
What action should users take following this breach? First, they should update their master passwords if they have not done so already, making sure the new passwords are strong enough that attackers cannot easily guess them by brute force. Users should also review their accounts for suspicious activity, such as emails from unknown sources or unrecognised devices logged into the account, since this could indicate an attempted compromise by a malicious actor using credentials stolen in the LastPass database breach earlier this year.
While no user is safe from data breaches such as the one at LastPass, steps like regularly updating master passwords and monitoring accounts for suspicious activity can help protect users against similar incidents at other popular services that may be vulnerable to the same kinds of security lapses, and so better safeguard their personal information going forward.