News

LastPass Hacked, Causing Customer Data To Be Exposed

Key Points:

  • In August 2022, the password management service LastPass experienced a cyberattack, and users’ encrypted credentials were taken.
  • Through the use of brute force guessing, the attacker might be able to decipher some LastPass users’ website passwords.
  • A Master Password is used to encrypt the vaults, making it impossible for an attacker to read them.
  • The organization has conducted an investigation and found that the attacker utilized this technical knowledge to hack the device of another employee in order to steal access tokens to client data kept in a cloud storage system.
The password manager Lastpass saw unidentified attackers accessing their servers and stealing customer data in August 2022. This contained their IP addresses from which they used the password locker company services, their passwords, usernames, company names, etc.

The customer’s vault was cloned with all of their information, Lastpass has also confirmed, the company said in a statement on December 23. When thieves gained access to some information on source codes from Lastpass’ development department, data theft took place. Another employee was the target of stealing source codes, and they could obtain passwords and keys to open Lastpass’s cloud-based storage volumes.

Encrypted vaults belonging to some clients were also taken. Each customer who uses the LastPass service stores their website passwords in these vaults. Fortunately, the vaults have a Master Password that encrypts them, preventing the intruder from reading them.

The company’s statement underlines the use of cutting-edge encryption by the service, which makes it incredibly challenging for an attacker to view vault files without the Master Password.

“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.”

Despite this, LastPass acknowledges that if a user has chosen a weak Master Password, an attacker may be able to use brute force to guess it, decrypt the vault, and obtain all of the user’s website passwords.

The LastPass attack proves a point that Web3 developers have argued for years: blockchain wallet logins should take the place of the conventional username and password login mechanism.

As Coincu reported, ConsenSys updated its privacy policy following the Uniswap. Infura will gather the user’s IP data and Ethereum wallet address when they send a transaction when they utilize Infura as the default RPC provider in the MetaMask wallet.

This makes the community angry because their information will be revealed, and it can be said that decentralization is gradually disappearing from MetaMask. Immediately, ConsenSys responded to users that they only collect data when users make transactions.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Harold

Coincu News

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

BlockDAG Surges Past $170M as BDAG250 Bonus End Countdown Begins – Aave Targets $400 & Solana Shines with Scalability

BlockDAG crosses $170.5M in presale success with BDAG250 bonus and Whitepaper V3 launch! Solana grows…

1 hour ago

Qubetics Presale Price Surge Approaches: The Best Coins to Invest in Right Now While Toncoin, and XRP Gain Traction

Discover why Qubetics, Toncoin, and XRP are the best coins to invest in right now.…

2 hours ago

Book of Meme Old News? This Best Meme Coin to Invest in 2024 Is Multiplying Gains Like a Champ

Over the years, meme coins have evolved from inside jokes into serious investment opportunities.

3 hours ago

Time’s Ticking on BlockDAG’s 5-Tier Bonus- Few Days Left to Grab It While Cardano Whales Take Action, Aave Rallies Strong

Discover BlockDAG's five-tier bonus program's closing phases that enhance buyer holdings. Gain insights on the…

3 hours ago

Best Altcoins to Buy for 2025: Qubetics Presale Surge, Solana’s Lightning Speed, and Cardano’s Blockchain Revolution

Discover why Qubetics, Solana, and Cardano are redefining the crypto landscape. Learn about milestones, price…

4 hours ago

Why Qubetics, NEAR Protocol, and IMX Are Dominating Crypto: The Best Altcoins to Join Today for Game-Changing Returns 

Discover why Qubetics, NEAR Protocol, and Immutable X are the best altcoins to join today,…

6 hours ago

This website uses cookies.