Anyone with an older account may still be using a shorter and less secure password. We know the latest GPU hardware has set new records for password cracking, and you might not even need an RTX 4090 to get the job done LastPass has lax requirements for master passwords, which were only boosted to a 12-character minimum in 2018. The files could also simply be cracked with enough time. That could mean a lot of headaches for IT pros in the coming months. So, a lot of people may have used it not only for personal accounts but corporate ones as well. For all its flaws, LastPass is easy to use. The attackers could use this information to launch phishing campaigns to trick people into giving away their passwords. It only encrypts passwords, leaving URLs and IP addresses exposed.
For one, LastPass doesn't encrypt the entire file. Security professionals like SwiftOnSecurity, John Scott-Railton (Opens in a new window), and Jeremi Gosney (Opens in a new window) are reminding everyone how a determined hacker could still gain access to your accounts. Sadly, the situation isn't as simple as that. Passwords are encrypted with the master password, and since LastPass doesn't know your master password, hackers can't steal it. The takeaway if you only read LastPass' blog post (Opens in a new window) is that your data is still secure because of the company's "Zero Knowlege" architecture. 22 that the attackers had managed to copy the password vaults that contain all the sensitive information like passwords and secure notes. He says talking about these breaches as separate attacks makes LastPass seem less culpable when in reality, this is one months-long attack that LastPass did not contain.
It framed these as separate incidents, but security researcher Wladimir Palant of AdBlock Pro fame isn't pulling any punches in his analysis (Opens in a new window). It then reported a second breach in early December that leveraged the previously stolen information to exfiltrate user data. Things started to go south for LastPass in August 2022 when it announced attackers accessed its servers and made off with technical data but no user files. Depending on who you believe, it might be time to change some passwords. Some security experts are speaking up following the company's most recent statements, pointing out that the calming language and assurances ring hollow when you look at how LastPass secures its data. It has claimed users are not at risk, the subtext being that we should not be upset with LastPass. (Credit: LastPass)LastPass has spent the second half of 2022 on the defensive following a pair of major data breaches.
0 kommentar(er)
