Despite being one of the most popular password managers on the market, LastPass has suffered another major breach, putting the passwords of customers risk as well as their personal information.
It was established just over a year ago that LastPass, a popular password manager that stores customers’ passwords and other sensitive information in encrypted vaults, had been compromised by cybercriminals as a result of a data breach.
Karim Toubba, the CEO of LastPass who announced the hack, explained that the attackers took a copy of a backup of the information stored in a customer’s vault as part of their intrusion. A LastPass employee used stolen cloud storage keys to access the data, which enabled them to steal keys from the company.
There are several different ways in which the cache of customer password vaults is kept. However, the specific technical and security details of this proprietary format were not disclosed. The data is stored in both an unencrypted and encrypted format.
It has been discovered that some of the web addresses that are stored in the vault, in the data that was not encrypted, are unencrypted. At this point, it is not known exactly when on the calendar the backups were stolen.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: