You may not remember it, but in August of this year we already notified you of the security problem suffered by one of the great password managers used by millions of users. At first, from the program, they made it clear that important data had not been compromised. Instead, during November they suffered another attack.
Despite the fact that LastPass has been reporting at all times about the delicate situation that it has had to face. The truth is that the attack suffered by the password manager last month was bigger and, worst of all, much more difficult for your security department to detect. So they have had to show their faces again and report what the situation is right now.
User data at risk
Just yesterday, the password gesture launched a statement to continue providing transparency to its millions of users with information about the security breach it has suffered. From the company they recognize that if during the incident in August this year, hackers were unable to access user data. Now, they have detected that the attacker, or attackers, have managed to download a copy of the entire client vault.
Basically, they warn that an unauthorized user, or users, have had access to your third-party cloud storage service, since LastPass uses this service to keep backup copies of your data. In this backup, there is confidential data , some encrypted and others not, such as saved URLs, company names, billing addresses, telephone numbers, IP addresses, usernames, email addresses, etc. .
In the case of encrypted data, they assure us that it remains securely protected. More than anything, because they have 256-bit AES encryption . Luckily, hackers haven’t been able to steal the master password. And all thanks to the fact that the administrator did not store these keys.
Is your data at risk?
Keep in mind that attackers can force it, if users used strong passwords, or they can also use brute force to find it, something especially dangerous if users reused the keys. In any case, it is quite alarming that LastPass has suffered from this major security breach, as it has exposed a large amount of personal data of millions of users. Of course, the only data that is not in danger in this chaos is that of credit or debit cards, since they were not completely saved on this platform.
Therefore, the ideal in this situation, especially if hackers manage to break the 256-bit AES encryption, will be to change the master password used in LastPass , in addition to all the passwords of the different sites that we have been managing with this particular platform. . In addition, we recommend that you pay special attention to the emails or messages you receive, since unfiltered data can be used for phishing.