{"id":15823,"date":"2022-12-24T23:03:44","date_gmt":"2022-12-24T23:03:44","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/lastpass-data-breach-frightens-users-some-say-hack-may-be-worse-than-they-are-letting-on-security-bitcoin-news\/"},"modified":"2022-12-24T23:03:44","modified_gmt":"2022-12-24T23:03:44","slug":"lastpass-data-breach-frightens-users-some-say-hack-may-be-worse-than-they-are-letting-on-security-bitcoin-news","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/lastpass-data-breach-frightens-users-some-say-hack-may-be-worse-than-they-are-letting-on-security-bitcoin-news\/","title":{"rendered":"Lastpass Data Breach Frightens Users, Some Say Hack \u2018May Be Worse Than They Are Letting on\u2019 \u2013 Security Bitcoin News"},"content":{"rendered":"<p><b>(Originally posted on: Bitcoin News)<\/b><br \/>\n<\/p>\n<div id=\"\">\n<header class=\"article__header\">\n<\/header>\n<div class=\"featured_image_container\">\n<\/div>\n<p><strong>People involved in financial tech, software programming, cyber security, and cryptocurrencies have been talking about the Lastpass data breach that was disclosed two days ago. The password management company detailed that a breach, committed earlier this year, allowed hackers to obtain a \u201cbackup of customer vault data.\u201d<\/strong><\/p>\n<h2>Lastpass Reveals \u2018Threat Actor Was Also Able to Copy a Backup of Customer Vault Data\u2019<\/h2>\n<p>On Dec. 22, 2022, the password management firm Lastpass <a href=\"https:\/\/blog.lastpass.com\/2022\/12\/notice-of-recent-security-incident\/\">disclosed<\/a> that an \u201cunknown threat actor\u201d managed to breach the firm\u2019s cloud-based storage environment in or around Aug. 2022. Ever since the news was published, the Lastpass data leak has been a <a href=\"https:\/\/twitter.com\/search?q=lastpass%20&amp;src=typed_query\">topic of discussion<\/a> on social media and forums. 
A great number of people <a href=\"https:\/\/twitter.com\/Cryptopathic\/status\/1606416137771782151?s=20&amp;t=19SxY03tBVQ6imOzad_qog\">believe<\/a> that Lastpass\u2019 situation \u201cmay be worse than they are letting on.\u201d<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">LastPass attackers now know all websites you have passwords stored for and the blobs, encrypted only by your master password <a href=\"https:\/\/t.co\/Wdbt6mWe8C\">https:\/\/t.co\/Wdbt6mWe8C<\/a> <a href=\"https:\/\/t.co\/HldcJ8DYkK\">https:\/\/t.co\/HldcJ8DYkK<\/a><\/p>\n<p>\u2014 SwiftOnSecurity (@SwiftOnSecurity) <a href=\"https:\/\/twitter.com\/SwiftOnSecurity\/status\/1606071798667173888?ref_src=twsrc%5Etfw\">December 22, 2022<\/a><\/p>\n<\/blockquote>\n<p>\u201cBased on our investigation to date, we have learned that an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the incident we previously disclosed in August of 2022,\u201d Lastpass disclosed. The password management company added:<\/p>\n<blockquote>\n<p>The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.<\/p>\n<\/blockquote>\n<p>Lastpass insists the encrypted fields are secure with 256-bit AES encryption and the info can only be decrypted by leveraging each user\u2019s master password using the firm\u2019s <a href=\"https:\/\/www.lastpass.com\/security\/zero-knowledge-security\">zero-knowledge architecture<\/a>. 
\u201cAs a reminder, the master password is never known to Lastpass and is not stored or maintained by Lastpass,\u201d the company detailed.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">lastpass gets hacked and immediately after a ton of crypto wallets are broken into and drained<\/p>\n<p>\u201cbe your own bank\u201d <\/p>\n<p>nah go break into a brick &amp; mortar establishment if you want my funds nerds, good luck<\/p>\n<p>\u2014 gainzy (@gainzy222) <a href=\"https:\/\/twitter.com\/gainzy222\/status\/1606447880683880452?ref_src=twsrc%5Etfw\">December 24, 2022<\/a><\/p>\n<\/blockquote>\n<h2>Lastpass\u2019 Security Reassurance Doesn\u2019t Seem to Convince a Number of Critics<\/h2>\n<p>However, a number of <a href=\"https:\/\/www.reviewgeek.com\/140432\/the-lastpass-data-breach-just-got-even-worse-again\/\">reports<\/a> argue that the situation is worse than Lastpass is letting on. Reviewgeek.com\u2019s Andrew Heinzman urges readers in his report to \u201cplease, stop using Lastpass.\u201d \u201cEven if you use a strong master password, there\u2019s a chance that hackers will try to phish some information out of you,\u201d Heinzman wrote. The author added:<\/p>\n<blockquote>\n<p>To be clear, Lastpass is still investigating this data breach. And after four months of \u2018sorry, it\u2019s worse than we thought,\u2019 customers are rightfully worried that Lastpass doesn\u2019t have all the details. For all we know, things could get even worse. 
We asked our readers to stop using Lastpass in July 2020.<\/p>\n<\/blockquote>\n<p>Crypto supporter Udi Wertheimer also <a href=\"https:\/\/twitter.com\/udiWertheimer\/status\/1606501962526097408?s=20&amp;t=qF0JrIiasIF3onCzjzo7FA\">warned<\/a> people that if they use Lastpass \u201cattackers probably have a copy of your vault.\u201d Wertheimer\u2019s recommendation is the same as Heinzman\u2019s as the digital currency proponent insisted that users should \u201cstop using Lastpass.\u201d<\/p>\n<p>\u201cWe don\u2019t know how bad things are,\u201d Wertheimer <a href=\"https:\/\/twitter.com\/udiWertheimer\/status\/1606501968263778304?s=20&amp;t=qF0JrIiasIF3onCzjzo7FA\">added<\/a>. \u201cIt\u2019s possible that attackers have ongoing access, so don\u2019t just change your passwords and put them back into Lastpass.\u201d Moreover, a Twitter user who claims to have worked as an engineer for the company seven years ago also noted that Lastpass\u2019 breach situation is a big deal.<\/p>\n<p>\u201cI worked at Lastpass as an engineer a long time ago. 7+ years ago. My 2 cents on the situation,\u201d the individual <a href=\"https:\/\/twitter.com\/ejcx_\/status\/1606428769731878913?s=20&amp;t=19SxY03tBVQ6imOzad_qog\">said<\/a>. \u201cThis is the worst breach Lastpass has had. By a lot. 
The key difference is that customer vaults were accessed this time, which are kept in a completely separate database.\u201d<\/p>\n<div class=\"article__body__author\">\n<div class=\"article__body__author__info\">\n<h6 class=\"article__body__author__info__name\">\nJamie Redman <\/h6>\n<p class=\"article__body__author__info__about\">\nJamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 6,000 articles for Bitcoin.com News about the disruptive protocols emerging today.\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/news.bitcoin.com\/lastpass-data-breach-frightens-users-some-say-hack-may-be-worse-than-they-are-letting-on\/\">Source link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : Bitcoin News ) People involved in financial tech, software programming, cyber security, and cryptocurrencies have been talking about the Lastpass data breach that was disclosed two days ago. 
The password management company detailed that a breach, committed earlier this year, allowed hackers to obtain a \u201cbackup of customer vault data.\u201d Lastpass [&hellip;]<\/p>\n","protected":false},"author":19,"featured_media":15824,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/15823"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=15823"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/15823\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/15824"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=15823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=15823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=15823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}