The honest answer is no, LastPass is no longer safe to use after the most recent breach. If exploited, the vulnerability could’ve exposed 16 million users' credentials, including master passwords, email addresses, and password reminder questions. In 2019, a researcher found a LastPass browser extension vulnerability. However, among the exfiltrated information, were unencrypted URLs, which may or may not include sensitive data such as account tokens and API keys and credentials.Īnd although user passwords remain under encryption – for now – this is the third consecutive LastPass breach. The passwords remain safe unless the hacker can crack the encryption. LastPass also disclosed that the hacker also was able to obtain a copy of an encrypted backup of the user passwords, website usernames, and form-filling data. User details such as email addresses, telephone numbers, and IP addresses were exposed. This time, a threat actor used information obtained in the August breach to gain access to internal LastPass systems. However, not even 5 months later, another LastPass breach occurred. This can be seen as a positive – despite the scale of the attack, the overall damage was minimal. However, no vault data or master passwords were compromised and users weren't asked to take any further action.
The company's source code was accessed through a compromised developer account. Visit LastPass to learn more about the features LastPass security breachĪ 2022 LastPass incident happened in August 2022.
0 kommentar(er)
