LastPass reports breach of customer data

Password manager LastPass has just announced that an “unauthorized party” has gained access to LastPass users’ sensitive information and data.

Lastpass

According to LastPass CEO Karim Toubba, the hacker was able to obtain and copy user data which contained “basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

However, Toubba assured users that the data accessed are secured with 256-bit AES encryption and can only be decrypted with the user’s master password (which Toubba reminds is never known to LastPass and is not stored or maintained by LastPass).

Security

Toubba says that while the threat actor may attempt to use “brute force” to guess users’ master passwords and decrypt the data, it would be extremely difficult to attempt and succeed at doing so.

LastPass still recommends, however, that its customers follow their password best practices such as never reusing your master password on other sites or taking advantage of LastPass’ twelve-character minimum and creating a strong password.

Luis Miguel Millares

Luis Millares is a Political Science graduate of the Ateneo de Manila University and a former journalist for its official student publication, The GUIDON. He also worked as a writer for the Department of Interior and Local Government (DILG) before pursuing his passion for tech with the YugaTech team.

https://www.yugatech.com/

No Comments

YugaGaming

YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.