Sadly, the situation isn't as simple as that. Passwords are encrypted with the master password, and since LastPass doesn't know your master password, hackers can't steal it. The takeaway if you only read LastPass' blog post (Opens in a new window) is that your data is still secure because of the company's "Zero Knowlege" architecture. 22 that the attackers had managed to copy the password vaults that contain all the sensitive information like passwords and secure notes. He says talking about these breaches as separate attacks makes LastPass seem less culpable when in reality, this is one months-long attack that LastPass did not contain. It framed these as separate incidents, but security researcher Wladimir Palant of AdBlock Pro fame isn't pulling any punches in his analysis (Opens in a new window).
It then reported a second breach in early December that leveraged the previously stolen information to exfiltrate user data. Things started to go south for LastPass in August 2022 when it announced attackers accessed its servers and made off with technical data but no user files. Depending on who you believe, it might be time to change some passwords. Some security experts are speaking up following the company's most recent statements, pointing out that the calming language and assurances ring hollow when you look at how LastPass secures its data. It has claimed users are not at risk, the subtext being that we should not be upset with LastPass. LastPass has spent the second half of 2022 on the defensive following a pair of major data breaches.
0 kommentar(er)
