LastPass, a password management service, was hacked in August 2022 when attackers stole users’ encrypted passwords, the company said in a statement on December 23. This means that attackers may have been able to crack some LastPass users’ website passwords by guessing.
LastPass first disclosed the vulnerability in August 2022, but at the time it appeared that attackers had only obtained source code and technical information, not customer data. However, an investigation by the company found that the technical information was used by attackers to attack other employees’ devices and obtain sensitive customer data stored in cloud storage systems.
LastPass claims that hackers were not only able to extract “fully encrypted sensitive data”, but also “from encrypted storage containers containing unencrypted data, such as website URLs, which are stored in a proprietary binary format. You can also copy a backup of your customer’s vault data. Fields for site usernames and passwords, secure records, form data and more.
In such cases, LastPass advises users to log in and change their passwords for all sites on file. I am very much waiting.
It may be true that strong master passwords are hard to guess, but even the strongest passwords can be dangerous if used on other previously hacked websites. Remember that length alone is not enough to ensure a good password. In fact, 12356, 1235678, and 12356789 are all suggested to be more commonly used than 123, probably due to the length restrictions imposed by current login screens. Also, remember that password cracking tools don't just go from AAAA to ZZZZ…ZZZZ like an alphanumeric odometer. We tried to rank passwords by their likelihood of being chosen, so we have to assume that you're using a long, easy-to-use password like BlueJays28RedSox5. (18 characters) "guessed" long before reaching MAdv3aUQlHxL (12 characters) or ISM/RMXR3 (9 characters).
What is LastPass?
LastPass is a password manager and password generator that allows you to create and store strong, unique passwords for all your online accounts. LastPass securely stores your login information and fills it in automatically when you visit websites, so you don’t have to remember multiple passwords. You can access your saved credentials from any device and share your credentials with others as needed. LastPass also includes features like two-factor authentication and password alerts to help protect your account from unauthorized access.
What is the danger if personal data is stolen by hackers?
When hackers steal personal information, it can be used for a variety of crimes, such as identity theft, financial fraud, and other scams. Identity theft is when someone uses your personal information, such as your name, address, date of birth and social security number, to impersonate you and commit crimes or obtain goods and services in your name. This can lead to financial losses, damage to your credit rating and a lot of stress and problems as you try to regain your identity and repair the damage.
Financial fraud is when someone uses your personal information to access your accounts or apply for credit on your behalf, often with the intention of stealing money from those accounts or collecting debts you owe.
Fraudsters are when someone uses your personal information to trick you into giving money or goods, or to reveal other personal information that they can use for malicious purposes.
In addition to these direct consequences, identity theft can also lead to feelings of loss of privacy and vulnerability, as well as damage to your reputation if sensitive information about you is leaked or disclosed.
