However, not even 5 months later, another LastPass breach occurred. This time, a threat actor used information obtained in the August breach to gain access to internal LastPass systems. User details such as email addresses, telephone numbers, and IP addresses were exposed. LastPass also disclosed that the hacker was able to obtain a copy of an encrypted backup of user passwords, website usernames, and form-filling data. The passwords remain safe unless the hacker can crack the encryption.

However, the exfiltrated information also included unencrypted URLs, which may or may not include sensitive data such as account tokens, API keys, and credentials.

And although user passwords remain under encryption – for now – this is the third consecutive LastPass breach. In 2019, a researcher found a LastPass browser extension vulnerability. If exploited, the vulnerability could have exposed 16 million users' credentials, including master passwords, email addresses, and password reminder questions.

The honest answer is no, LastPass is no longer safe to use after the most recent breach. Although the data acquired by the threat actor is encrypted, including user passwords, notes, and other information, the encryption might not be invincible and could be cracked.

Something that adds to questionable LastPass security practices is that it is a closed-source password manager. This means that no one can really inspect the code for vulnerabilities (which have been found in the past). Plus, they never reached out to third-party audit agencies to verify whether they were operating securely.
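Because the stored URLs were not encrypted, any vault entry whose URL embeds a token, API key, or credentials should be treated as exposed and rotated. The following Python audit is an added example, not part of the original article: it flags such entries in your own vault export, assuming a CSV with `name` and `url` columns; the parameter-name list, the length heuristic, and the sample rows are constructed for illustration.

```python
import csv
import io
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: parameter names that commonly carry secrets; extend for your environment.
SECRET_PARAMS = {"token", "access_token", "api_key", "apikey", "key", "secret",
                 "password", "auth", "signature", "session"}
OPAQUE = re.compile(r"[A-Za-z0-9_\-]{32,}")  # heuristic: long random-looking value

def audit_url(url):
    """Return reasons this URL would leak a secret if stored unencrypted."""
    try:
        parts = urlsplit(url)
        userinfo = parts.username or parts.password
    except ValueError:
        return ["unparseable URL, review manually"]
    findings = []
    if userinfo:
        findings.append("credentials in userinfo")
    # OAuth-style tokens can sit in the fragment as well as the query string.
    for where, raw in (("query", parts.query), ("fragment", parts.fragment)):
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if name.lower() in SECRET_PARAMS and value:
                findings.append(f"{where} parameter '{name}'")
            elif OPAQUE.fullmatch(value):
                findings.append(f"long opaque value in {where} parameter '{name}'")
    return findings

def audit_export(csv_text):
    """Map entry name -> findings for every flagged row; secret values are never echoed."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_url(row.get("url") or "")
        if findings:
            report[row.get("name") or "(unnamed)"] = findings
    return report

# Constructed sample export; none of these hosts or values are real.
SAMPLE = """name,url
Example mail,https://mail.example.com/login
CI dashboard,https://ci.example.com/job?api_key=CONSTRUCTED-SAMPLE-KEY
Internal wiki,https://deploy:CONSTRUCTED-PW@wiki.example.com/
Webhook,https://hooks.example.com/in#access_token=CONSTRUCTED
Reset link,https://app.example.com/r?id=0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for entry, reasons in audit_export(SAMPLE).items():
        print(f"{entry}: {'; '.join(reasons)}")
```

Run it against a local copy of the export only, and delete that plaintext file once the flagged secrets have been rotated.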