![]() Thanksgiving holiday, LastPass released an updated statement about the breach on November 30. Just over two months later, and about a week after the U.S. However, the company said that it had “engaged a leading cybersecurity and forensics firm,” and its investigation was ongoing. LastPass claimed that the breach was limited to their development environment, and that no customer information or users’ password vault data had been compromised. On August 25, LastPass released its initial statement about the breach on the company’s blog. BleepingComputer contacted LastPass on August 21 but received no response. What we know so far about the LastPass breachĪ tech news site, BleepingComputer, learned from “insiders” in mid-August 2022 that LastPass, a prominent password management company, had allegedly been breached. Janu– Steve Gibson states that “many listeners” of his podcast had only 1 hashing iteration in their LastPass vaults.Decem– 1Password claims that most LastPass vaults could theoretically be cracked with merely $100 of computing power.Decem– Wladimir Palant exposes misleading claims in LastPass’s December 22 statement.Decem– LastPass again revises statement, detailing that sensitive customer data had been accessed, along with backups of customer vaults containing both unencrypted and encrypted data.Novem– LastPass revises statement, says “certain elements of… customers’ information” had also been accessed.Aug– LastPass releases advisory, states hackers accessed “proprietary… technical information” via a compromised LastPass developer account claims breach was contained.Aug– BleepingComputer contacts LastPass about the alleged breach, receives no reply.early/mid-August 2022 – LastPass was hacked BleepingComputer learns of breach from “insiders”.Third-party experts (and competitors) weigh in.What we know so far about the LastPass breach.We’ll also discuss how this impacts existing LastPass users, and whether it’s still safe to use LastPass. Subsequent updates from LastPass have revealed new information as the company’s investigation of the breach has continued.įollowing is a timeline of events, and everything we know so far about the LastPass security breach. News outlet BleepingComputer became aware in August 2022 that LastPass had suffered a security breach. LastPass develops a popular password manager app by the same name. Over the past several weeks, news of a security breach at LastPass has gone from bad, to worse, to terrible. Get six of our favorite Motherboard stories every day by signing up for our newsletter.Security & Privacy LastPass password manager suffers massive data breach ![]() If you use 1Password, sounds like you'll have to trust them too. "I make a huge effort to keep my computer secure," Merrill added, "when I give all my passwords to a third party that means I need to trust them and their security." ![]() Whitney Merrill, a security and privacy expert, told Motherboard in a Twitter chat that "it's troubling that 1Password, a company that has traditionally been very loyal to its user base, could make such an impactful decision (subscription model and loss of local vault) without transparency to those users." In other words, 1Password really wants you to stop using its local storage version, though Hicks also added that the company is not planning to "remove support for local/Dropbox/iCloud vaults from the software," at least for now. Hicks, however, said that if a user wants a one-time license she or he can email the company and 1Password will "help them determine if a license is really what's best for them." Hicks also clarified that the new 1Password for Windows is "is built and has no licence option." So, in practice, Windows user already are forced into the cloud. This is the same model most password managers (such as LastPass) use. ![]() You can check your passwords from any computer by logging into your account on, and your passwords can still be retrieved if you lose your device. Using the cloud-based alternative is much easier for regular people. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |