LastPass, one of the companies offering password management services, was breached by unidentified attackers who gained access to its server and stole customer data, including encrypted password vaults.
The business said in the prior interview that the hackers had only taken basic data such as company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses.
However, a thorough analysis of the incident has found that the attackers used login information and encryption keys from a cloud storage provider that is physically separate from its production system to extract data from the backup.
The business added that 256-bit AES encryption is being used to safeguard the data, and that only the master password stored on the user’s device can decrypt it.
Users may find this somewhat reassuring, but they were warned that attackers might try to brute-force the master password by guessing it. Alternatively, they might try to open the accounts using previously used credentials that are available online.
Additionally, it advised a small subset of its corporate clients, less than 3%, to take specific action, without saying publicly what that action was.
Is LastPass Unhackable?
What if LastPass suffers a security breach or a hack? LastPass uses a zero-knowledge security model. Zero-knowledge means that you are the only one with access to your encrypted Master Password, vault, or vault data.
Can LastPass decrypt passwords?
These encrypted fields are still protected by 256-bit AES encryption and can only be unlocked using a unique encryption key that is derived from each user's master password using our Zero Knowledge architecture. Reminder: LastPass never has access to and does not keep track of the master password.
What encryption does LastPass use?
The password management firm assured its clients that their encrypted data was secure by stating that all encrypted files are still “protected using 256-bit AES encryption,” which means that in order to unlock them, a special encryption key created from each user’s password is required.
Why is LastPass saying my password is at risk?
A password for a site entry in your vault is deemed “at-risk” if it is weak, reused, or missing. You can review the passwords that need attention on the Passwords page in your vault or on the Password Security page in the Security Dashboard.
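
The three "at-risk" categories above can be checked with a short script. This is an added example, not LastPass code: the vault entries are constructed sample data, and the length and character-class thresholds used for "weak" are assumptions, not LastPass's own scoring.

```python
import hashlib
from collections import defaultdict

# Constructed sample entries (site, password); not real data.
SAMPLE_VAULT = [
    ("mail.example", "correct-horse-battery-staple-42"),
    ("shop.example", "Summer2020"),
    ("bank.example", "Summer2020"),
    ("forum.example", ""),
    ("wiki.example", "Tr1cky&Long_passphrase!"),
]

MIN_LENGTH = 12   # assumed threshold for "weak"
MIN_CLASSES = 3   # assumed: lower, upper, digit, symbol

def char_classes(pw):
    """Count how many character classes appear in the password."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])

def is_weak(pw):
    return len(pw) < MIN_LENGTH or char_classes(pw) < MIN_CLASSES

def audit_vault(entries):
    """Return {site: [reasons]} for entries that are missing, weak or reused."""
    # Group sites by password digest so reuse is found without
    # keeping plaintext passwords as dictionary keys.
    by_digest = defaultdict(list)
    for site, pw in entries:
        if pw.strip():
            by_digest[hashlib.sha256(pw.encode()).hexdigest()].append(site)
    reused = {s for sites in by_digest.values() if len(sites) > 1 for s in sites}

    report = {}
    for site, pw in entries:
        if not pw.strip():
            reasons = ["missing"]
        else:
            reasons = (["weak"] if is_weak(pw) else []) + \
                      (["reused"] if site in reused else [])
        if reasons:
            report[site] = reasons
    return report

if __name__ == "__main__":
    for site, reasons in audit_vault(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(reasons)}")
```

Entries flagged as reused deserve attention first, since one exposed password then opens several accounts.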