web analytics
Home » Technology » Customers’ password vaults were accessed as a result of the LastPass security breach.

Customers’ password vaults were accessed as a result of the LastPass security breach.

LastPass came back with the latest news of its security breach. The details of the attack were unclear as the incident happened. The company has generated details about a security breach. In the incident, customer passwords along with their personal information (names, emails, billing addresses, contact numbers, etc.) were stolen.

The update was published today by CEO Karim Toubba on the company’s official blog.

A system hacking incident was reported by the company on November 30, following the incident of August 2022. A more detailed picture of the whole issue was shared today.

LastPass’s initial claim depicted the violation of users’ names, emails, and other personal information.

The latest statement revealed the results of investigations until now. The inquiry has made the hypothesis that access to cloud storage and a dual-storage container were compromised. A hacker had accessed the information from a backup that was storing initial details about customers and meta-related data such as the company’s name, end user names, bill address, email, contact numbers, and IP address that users were availing of the LastPass services through.

The access to and copying of the customer’s password vaults were more concerning.

The malicious attacker was also able to gain access to a backup of client cellar information from the protected storage container, which is saved in a secret binary sequence and contains both crucial areas such as site passwords and usernames. Private memos and form-filled data, as well as unprotected data like website URLs, are still encrypted with 256-bit AES and can only be unlocked with a special encryption key derived from each user’s master password. Reminder: LastPass never has access to and does not keep track of the master password. Data encryption and decryption are exclusively handled locally by the LastPass client.

However, the remaining password resources are protected by a single password key that the hacker could try to access.You need to be careful about it if you are using this website.

According to information from LastPass, the investigation is still in progress, and the company will keep customers updated about more clues and patterns that lead to the reveal of the complete incident.