My best password manager recommendation – house rules LastPass has been quick to point out that, in order to access the encrypted data, the hackers would need to use brute force – a task which Toubba suggests would be “extremely difficult”, given the hashing and encryption methods used. They also managed to steal a backup of a customer data vault, which includes both encrypted and unencrypted data, including website URLs, website usernames, and… yes, passwords. Once inside the storage volumes, the hackers grabbed “basic customer account information” that included names, billing addresses, email addresses, telephone numbers, and the IP addresses used by customers to access the LastPass service. We have now moved from ‘sweat-inducing’ to ‘where’s the nearest toilet?’. The unauthorised party has since used some of the source code and technical information to compromise LastPass once more, this time obtaining credentials which enabled them to access and decrypt some of the company’s storage volumes. Now, we know there was rather more to the intentions behind the incident than initially met the eye. You wouldn’t want unauthorised people anywhere near your company’s data and internal tools – no matter the industry within which you reside – but when you’re in the business of keeping humanity’s most important data safe, it’s another matter entirely.īack then, Toubba told us that no customer data was accessed during the breach. This is already sweat-inducing if you’re part of the LastPass top brass (or that of its parent company, GoTo).
In August 2022, someone (or a bunch of people – who knows) managed to gain access to parts of the LastPass development environment. I’ll get to that in a moment, but first, let’s quickly run over LastPass’ dreadful end to 2022. There are many alternatives to LastPass, and from the limited time I’ve spent recommending my own favourite on these pages, I know that conversations surrounding password security can quickly turn inexplicably unsavoury. Although, arguably, if you’re in that position, I’d suggest your first port of call would be a major overhaul of all your saved passwords – regardless of how annoying that task is. Referring to a data breach in August when an unauthorised party gained access to the LastPass development environment, LastPass CEO, Karim Toubba, swapped Christmas wishes for an admission that the plot has thickened – in the worst possible way.Īs a result of this, I’d suspect that many people are now looking for an alternative to LastPass. On 22nd December, the password management company had no choice but to publish the blog post no company wants to publish. It’s not been a particularly merry Christmas for LastPass, has it?
0 kommentar(er)
