In other words, cybercriminals now know that you use LastPass, they know how to contact you, and they know which websites you use. IP addresses which customers used to access LastPass.The stolen data includes the following unencrypted data: LastPass hasn’t said when it believes the theft of the password vaults occurred, but the most important thing to you is probably what the stolen data contained, and how it could be exploited by hackers. So let me get this straight – the theft of the password vaults and other data from LastPass may well have occurred in August or September… long before they announced it as I was distracted wrapping Christmas presents? And sure enough, just before Christmas, LastPass confirmed that the information stolen from a developer’s account in the August 2022 attack was actually “used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes…” Part of LastPass blog post, December 22 2022. Well, LastPass might have not seen any evidence that customers’ passwords vaults had been accessed then, but… But when a company says it has “seen no evidence” of anything bad happening, that’s not necessarily the same as saying “nothing bad happened”?Ĭorrect.
You’re probably thinking of the original announcement LastPass made back on August 25 2022, where it said that a hacker had managed to gain access to a developer’s account, and stolen some of its source code from a development environment.īack then LastPass said that it had “seen no evidence that this incident involved any access to customer data or encrypted password vaults.” So they were wrong when they said that? But wasn’t there news of a LastPass hack earlier in the year? Just days before Christmas, when most people probably weren’t paying too much attention, password management service LastPass revealed that hackers had accessed customers’ password vaults.
0 kommentar(er)
