A Break In To LastPass’ Vault
Much Safety, So Security
As the quote from Lastpass and Bleeping Computer reads, “some of the stolen vault data is “safely encrypted“. That is good news for the customers of Lastpass who have to hear there has been a second breach of the company this year. This time the unencrypted data that was snatched includes company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP address you last hit their servers from.
On the plus side your username, passwords, secure notes, attachments, and form-fill fields are fully AES-256 encrypted so there is little chance they will be truly compromised and your master password is not stored by Lastpass. With all the information stolen the dastardly nogoodniks could pick up a powerful GPU to try to brute force your master password but even with an NVIDIA Tesla it will take a very long time to accomplish.
Merry Christmas?
The attacker gained access to Lastpass' cloud storage using "cloud storage access key and dual storage container decryption keys" stolen from its developer environment.
More Tech News From Around The Web
- John Cleese’s Classic ‘Silly Walk’ Burns More Calories Than a Normal Gait, Study Finds @ Slashdot
- TikTok cops to running “covert surveillance campaign” on Western journalists @ Ars Technica
- Oops. Cisco installed wrong firmware on some boxes and they report fake ‘severe faults’ @ The Register
- Google is Making Its Internal Video-Blurring Privacy Tool Open Source @ Slashdot
- Ortur Aufero Laser 1 Engraving & Cutting Machine Review @ NikKTech
.