LastPass Data Breach Worse Than Initially Thought
In August, LastPass announced a security breach, while the company said no customer data was taken during the breach, it doesn't appear there was another data breach
Now LastPass has announced that customer password vaults have been obtained in a hack, you can see more details below.
The threat actor was also able to copy a backup of the client's vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data , such as website URLs, as well as fully encrypted data, sensitive fields such as website usernames and passwords, secure notes, and form-filled data. These encrypted fields remain secure with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user's master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is neither stored nor maintained by LastPass. Encryption and decryption of data is performed only on the local LastPass client. For more information on our Zero Knowledge architecture and encryption algorithms, please click here.
There is no evidence that unencrypted credit card data was accessed. LastPass does not store full credit card numbers and credit card information is not archived in this cloud storage environment.
You can find more information about the LastPass data breach on the company's website by clicking the link below.
SourceLastPass
Filed Under: Technology News Latest geek gadget deals Disclosure: Some of our articles include affiliate links. If you purchase something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn more.
In August, LastPass announced a security breach, while the company said no customer data was taken during the breach, it doesn't appear there was another data breach
Now LastPass has announced that customer password vaults have been obtained in a hack, you can see more details below.
The threat actor was also able to copy a backup of the client's vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data , such as website URLs, as well as fully encrypted data, sensitive fields such as website usernames and passwords, secure notes, and form-filled data. These encrypted fields remain secure with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user's master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is neither stored nor maintained by LastPass. Encryption and decryption of data is performed only on the local LastPass client. For more information on our Zero Knowledge architecture and encryption algorithms, please click here.
There is no evidence that unencrypted credit card data was accessed. LastPass does not store full credit card numbers and credit card information is not archived in this cloud storage environment.
You can find more information about the LastPass data breach on the company's website by clicking the link below.
SourceLastPass
Filed Under: Technology News Latest geek gadget deals Disclosure: Some of our articles include affiliate links. If you purchase something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn more.What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
