NxtVertex

    We just learned that hackers stole encrypted LastPass password vaults.

    LastPass, the password manager that promises to keep all of your passwords in one secure place, has released a doozy of an update regarding a recent data breach: the company now claims that hackers were able to "copy a backup of customer vault data," meaning they now theoretically have access to all of those passwords if they can crack the stolen vaults (via TechCrunch).
    By Nxtvertex. December 23, 2022. Updated: December 23, 2022.

    If you currently use LastPass to store your passwords and login information, or if you previously used the service but hadn’t deleted your account before this fall, hackers may have access to your password vault. The business asserts that if you use its most recent default settings and a strong master password, you might be secure. However, if you have a weak master password or less security, the company advises that “as an extra security measure, you might consider decreasing risk by changing passwords of websites you have stored.”

    You may need to change the password for every website you trusted LastPass to store.

    LastPass claims that the master password for the account still protects the stored passwords, but considering how it has handled previous disclosures, it is difficult to simply take its word for it at this point.

    The corporation stated that it didn’t think customer data had been accessed when it first disclosed the hack in August. Then, in November, LastPass claimed to have discovered an intrusion that probably used data obtained in the August incident. It would have been wonderful to learn about this possibility between August and November. Someone was able to “get access to certain parts” of consumer data thanks to the intrusion. It turned out that those “certain aspects” were, you know, the most crucial and private information stored by LastPass. Although the business claims there is “no evidence that any unencrypted credit card data was obtained,” that would have been better than what the hackers were able to get away with. At least cancelling a few cards is simple.

    When asked about the theft of the vaults, LastPass CEO Karim Toubba said the following. We’ll discuss how this all transpired in a moment.

    The threat actor was also able to copy a backup of customer vault data from the encrypted storage container, which is stored in a proprietary binary format and includes both fully-encrypted sensitive fields like website usernames and passwords, secure notes, and form-filled data as well as unencrypted data, such as website URLs.

    According to Toubba, your master password is the only way a bad actor could access that encrypted data and, consequently, your passwords. According to LastPass, it has never had access to master passwords.

    He claims that “it would be extremely difficult to attempt to brute force guess master passwords” as long as you had a very strong master password that you never reused (and as long as there wasn’t some technical flaw in the way LastPass encrypted the data, though the company has made some pretty basic security mistakes before). But anyone who gets access to this data might attempt to unlock it by brute force, that is, by repeatedly guessing passwords.

    LastPass claims that using its suggested defaults should guard against that sort of attack, but it makes no mention of any feature that would stop someone from trying to unlock a stolen vault repeatedly for days, months, or even years. Additionally, if someone reuses their master password for other logins, it may have been exposed in previous data breaches. This raises the likelihood that people’s master passwords are accessible in other ways.

    It’s also important to keep in mind that if you have an older account (one that was created before a new default option was introduced after 2018), your master password may have been protected using a less effective password-strengthening procedure. The Password-Based Key Derivation Function currently uses “a stronger-than-typical implementation of 100,100 iterations,” according to LastPass, but when a Verge staff member checked their older account using a link the company provides in its blog, it told them their account was set to 5,000 iterations.
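The iteration gap described above can be put in numbers. The following is an added example, not code from LastPass or from the original article: it assumes PBKDF2-HMAC-SHA256, a constructed salt and password, and a hypothetical attacker throughput (`ASSUMED_ROUNDS_PER_SECOND`), and it expresses the difference between 5,000 and 100,100 iterations as the equivalent number of extra bits of master-password entropy.

```python
import hashlib
import math

OLD_ITERATIONS = 5_000       # value reported for the older account in the article
NEW_ITERATIONS = 100_100     # current default quoted from LastPass
# Assumption: a constructed figure for PBKDF2 rounds per second available to
# someone guessing offline. It is not a measurement of any real hardware.
ASSUMED_ROUNDS_PER_SECOND = 1e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password with PBKDF2. Hash choice and salt are assumptions."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def work_factor_ratio(old: int = OLD_ITERATIONS, new: int = NEW_ITERATIONS) -> float:
    """How many times more work each offline guess costs at the new setting."""
    return new / old


def equivalent_entropy_bits(old: int = OLD_ITERATIONS, new: int = NEW_ITERATIONS) -> float:
    """The same ratio expressed as extra bits of password entropy."""
    return math.log2(work_factor_ratio(old, new))


def years_to_search_half(entropy_bits: float, iterations: int,
                         rounds_per_second: float = ASSUMED_ROUNDS_PER_SECOND) -> float:
    """Expected offline search time: half the keyspace, `iterations` rounds per guess."""
    guesses = 2 ** entropy_bits / 2
    return guesses * iterations / rounds_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print(f"cost ratio: {work_factor_ratio():.2f}x "
          f"(about {equivalent_entropy_bits():.1f} bits of entropy)")
    for bits in (30, 40, 60, 80):  # constructed master-password strengths
        old = years_to_search_half(bits, OLD_ITERATIONS)
        new = years_to_search_half(bits, NEW_ITERATIONS)
        print(f"{bits:>2}-bit password: {old:.3g} years at 5,000 iterations, "
              f"{new:.3g} years at 100,100")
```

The higher iteration count multiplies the cost of every guess by a constant factor, while each additional bit of master-password entropy doubles it, which is why a weak or reused master password remains the dominant risk at either setting.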

    The unencrypted data is perhaps more worrisome because it contains URLs, which could reveal to hackers the websites you have accounts with. When paired with phishing or other sorts of attacks, that information may be quite effective if they choose to target specific users.

    While none of it is good news, any firm that stores secrets in the cloud may theoretically experience any of it. In cybersecurity, how you respond to crises when they occur is more important than having a flawless record.

    And this is where I think LastPass has failed miserably.

    It should be noted that this news is being announced today, December 22, three days before Christmas, when most IT teams will be on vacation and users are unlikely to be paying attention to updates from their password manager.

    (Also, it takes the statement five paragraphs to mention that the vaults have been copied. Although part of the material is bolded, I believe it is reasonable to expect that such a significant announcement would appear right at the top.)

    LastPass claims that the vault backup wasn’t compromised in the August breach itself. Instead, according to LastPass, the threat actor used information from that breach to target a worker who had access to a third-party cloud storage service. The vaults were kept in and copied from one of the volumes accessed in that cloud storage, along with backups that contained “basic customer account information and related metadata.” According to LastPass, this information consists of “business names, end-user names, billing addresses, email addresses, phone numbers, and the IP addresses from which consumers were accessing the LastPass service.”

    As a result of the initial breach and the subsequent breach that revealed the backups, according to Toubba, the company is taking a variety of precautions. These precautions include increasing logging to identify suspicious activity going forwards, rebuilding its development environment, rotating credentials, and more.

    That’s all fine, and it ought to carry out those actions. However, if I were a LastPass user at this point, I’d be thinking very hard about leaving the company, as we’re looking at one of two possibilities: either the company didn’t know that backups containing users’ vaults were on the cloud storage service when it announced that it had discovered unusual activity there on November 30th, or it did know and decided not to inform customers about the possibility that hackers had gained access to them. Neither of those is attractive.
