Time to start changing your passwords
Password Manager Giant
LastPass has confirmed that cybercriminals stole its customers’ encrypted passwords in a data breach earlier this year in a vault that stores customer passwords and other secrets.
LastPass CEO Karim Toubba said in a recent blog post about his disclosure that intruders took a copy of the Customer vault data is backed up with cloud storage keys stolen from The cache of the customer’s password vault is stored in a “proprietary binary format” that contains both unencrypted and encrypted vault data, but the technical and security details of this proprietary format are not specified. Unencrypted data includes vaulted URLs. It’s unclear how recent the stolen backups are.
LastPass said the customer’s password vault was encrypted and could only be unlocked with the customer’s master password, which was known only to the customer. But the company warns that the cybercriminals behind the intrusion “may attempt to use brute force to guess your master password and decrypt the copy of the vault data they obtain.”
Toubba said the network The criminals also obtained a wealth of customer data, including names, email addresses, phone numbers and some billing information.
Password managers are great for storing your passwords, which should be long, complex and unique to each site or service. But security incidents like this remind us that not all password managers are created equal and can be attacked or compromised in different ways. Given that everyone’s threat model is different, no one will have the same requirements as everyone else.
In rare cases like this one (not a typo) – which we clarified in our analysis of LastPass’ data breach notification – if a bad guy gains access to a customer’s encrypted password vault, “All they need is the victim’s master password.” The strength of an exposed or compromised password vault depends on the encryption and password used to encrypt it.
As a LastPass customer, the best thing you can do is change your current LastPass Master Password to a new unique password (or passphrase) that is written down And keep it in a safe place. This means your current LastPass vault is safe.
If you think your LastPass password vault may have been compromised—for example, if your master password is weak or you have used it elsewhere—you should start changing the password vault stored in LastPass The password in the vault. Start with the most important accounts, like your email account, your cell phone plan account, your bank account, and your social media accounts, and work your way down the list of priorities.
The good news is that any account protected by two-factor authentication will allow attackers to Make it harder to access your account. That’s why it’s important to secure these second-factor accounts first, such as your email accounts and cell phone plan accounts.
