• Latest
  • All
  • How To
Password Managers Now Are Being Compromised as LastPass Reports Hack

Password Managers Now Are Being Compromised as LastPass Reports Hack

December 24, 2022
Why Can'y You Register a Safaricom SIM Card After 7 PM

Why You Cannot Register a Safaricom SIM Card After 7 PM

July 10, 2025
Former Safaricom Chief Enterprise Business Officer, Cynthia Karuri-Kropac

Frankline Okata Takes Over as Cynthia Karuri-Kropac Exits Safaricom PLC

July 10, 2025
AI

OpenAI and Perplexity Launch Browsers to Rival Google Chrome

July 10, 2025
Vivo-Y29-4G

Vivo Y29 Launches in Kenya at KES 23,999

July 10, 2025
DHgate Tablet Cases deals
galaxy z fold7-galaxy z flip7-samsung

Samsung Unveils Galaxy Z Fold7 and Z Flip7 with Bigger Screens

July 10, 2025
GTA VI

Rockstar May Be Testing 96-Player Servers for GTA 6

July 10, 2025
Former X CEO, Linda Yaccarino

Linda Yaccarino Steps Down as CEO of X After Two Years

July 9, 2025
Apple-WWDC25-iOS-26

iPhone Users Are Not Too Happy With the iOS 26 Liquid Glass Design

July 9, 2025
Official document handover by Bernard Mwonyonyo and Habib Lukaya from Roam.

E-Mobility in Kenya Gets a Lift with New Bike Financing Program

July 9, 2025
Samsung

This Samsung Security Update Could Change How You Use Your Phone

July 9, 2025
tecno ultimate g fold concept

TECNO Joins Tri-Fold Race With Ultimate G Fold Concept Phone

July 10, 2025
Microsoft Edge browser

Microsoft Makes Edge 40% Faster in a Bid to Lure Chrome Users

July 8, 2025
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

Password Managers Now Are Being Compromised as LastPass Reports Hack

Kenn Abuya by Kenn Abuya
December 24, 2022
in News
Reading Time: 4 mins read
261
0

Known password manager LastPass has been hacked according to a recent blog post published by the company.

LastPass recently notified its users that an unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of its production data.

In keeping with its commitment to transparency, it wanted to provide an update regarding its ongoing investigation.

It appears that a cybercriminal obtained information from a previous data breach and used it to gain access to a cloud storage system.

Although no customer data was accessed during the initial incident, the perpetrator obtained credentials and keys by targeting an employee and was able to decrypt certain storage volumes within the cloud storage service.

This was discovered during the ongoing investigation into the matter.

LastPass stores its production data in on-site data centers and uses cloud storage for things like backups and compliance with regional data regulations.

The cloud storage system that was accessed by the threat actor is separate from the main production system.

So far, it seems that the attacker obtained and used certain keys to copy information from a backup that included basic customer details such as names, addresses, emails, phone numbers, and IP addresses of users accessing the service.

LastPass experienced a data breach in which an unauthorized party gained access to a third-party cloud storage service that the company uses to store archived backups of its production data.

The investigation revealed that the threat actor obtained credentials and keys by targeting an employee and used them to access and decrypt certain storage volumes within the cloud storage service.

The attacker copied information from a backup containing basic customer account information, as well as a backup of customer vault data stored in a proprietary binary format.

The vault data includes both unencrypted data, such as website URLs, and encrypted sensitive information like website usernames and passwords, secure notes, and form-filled data.

While the encrypted fields are secured with strong encryption, there is no evidence that any unencrypted credit card data was accessed.

It’s worth noting that LastPass does not store complete credit card numbers and credit card information is not archived in this cloud storage environment.

“There is no evidence that any unencrypted credit card data was accessed. LastPass does not store complete credit card numbers and credit card information is not archived in this cloud storage environment,” says Karim Toubba , CEO LastPass .

Implications

It is possible that the threat actor may attempt to use brute force methods to guess the master passwords of affected customers and decrypt the copies of vault data that were taken.

However, the company’s use of hashing and encryption techniques makes it very difficult for the attacker to successfully guess these passwords, especially for customers who follow the company’s password best practices.

The company regularly tests the latest password-cracking technologies against its algorithms to maintain strong cryptographic controls.

Also, the threat actor may try to target affected customers with phishing attacks, credential stuffing, or other brute-force attacks against online accounts linked to their LastPass vaults.

To protect against these types of attacks, it is important to remember that LastPass will never contact you by phone, email, or text and ask you to click on a link to verify your personal information.

Additionally, aside from when signing into your vault from a LastPass client, the company will never ask for your master password.

Actions

As a result of the August 2022 data breach, the company has taken several steps to secure their systems and protect against future attacks.

These measures include decommissioning and rebuilding their development environment, replacing and hardening developer machines, processes, and authentication mechanisms, and implementing a new set of dedicated development and production environments.

They have also added extra logging and alerting capabilities and enlisted the help of a managed endpoint detection and response vendor to supplement their own team.

In response to the latest incident, they are rotating potentially affected credentials and certificates, analyzing accounts for suspicious activity within the cloud storage service, and adding additional safeguards.

A small percentage of Business customers have been notified and asked to take specific actions based on their account configurations.

The company is continuing to investigate the matter and has informed law enforcement and regulatory authorities. Their services are still running normally and they remain on heightened alert.

Tags: LastPass
SendShare147Tweet92
Kenn Abuya

Kenn Abuya

Kenn Abuya is a friend of technology, with bias in enterprise and mobile tech. Share your thoughts, tips and hate mail at [email protected]

Related Posts

Signal App

Privacy Changes You Need to Make Right Now

April 18, 2022
Signal vs Telegram vs WhatsApp

Privacy Apps You Should Download Right Now

March 22, 2021
Password

Your Password Manager Is Vulnerable. Here’s Why You Shouldn’t Be Panicking

April 18, 2022
Huawei Mate 20 Pro

Security Checklist for Your Android Smartphone

April 18, 2022
Lastpass is Finally Free on Mobile but There is a Catch

One No Longer Needs a Premium Subscription to Use LastPass on Multiple Devices

November 3, 2016
Lastpass is Finally Free on Mobile but There is a Catch

Lastpass is Finally Free on Mobile but There is a Catch

August 11, 2015

Latest

Why Can'y You Register a Safaricom SIM Card After 7 PM

Why You Cannot Register a Safaricom SIM Card After 7 PM

July 10, 2025
Former Safaricom Chief Enterprise Business Officer, Cynthia Karuri-Kropac

Frankline Okata Takes Over as Cynthia Karuri-Kropac Exits Safaricom PLC

July 10, 2025
AI

OpenAI and Perplexity Launch Browsers to Rival Google Chrome

July 10, 2025
Vivo-Y29-4G

Vivo Y29 Launches in Kenya at KES 23,999

July 10, 2025
galaxy z fold7-galaxy z flip7-samsung

Samsung Unveils Galaxy Z Fold7 and Z Flip7 with Bigger Screens

July 10, 2025
GTA VI

Rockstar May Be Testing 96-Player Servers for GTA 6

July 10, 2025

Best devices

budget smartwatches 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Best Infinix Smartphones To Buy in Kenya 2024

February 13, 2025

Best Laptops for Battery Life in 2024

August 21, 2024

Best “Battery Warrior” Smartphones To Buy in 2024

August 22, 2024

Why You Cannot Register a Safaricom SIM Card After 7 PM

July 10, 2025

Frankline Okata Takes Over as Cynthia Karuri-Kropac Exits Safaricom PLC

July 10, 2025

Techweez is a fast growing influential source of technology news, reviews and analysis by leading tech geeks in the industry.

Follow Us

Editorials

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

Trump’s Tariffs Will Be the End of Affordable Tech

5 Ways to Prep Your Tech for Resale

The Weaponization of PDFs: How Cybercriminals Are Exploiting a Trusted Format

More News

Linda Yaccarino Steps Down as CEO of X After Two Years

iPhone Users Are Not Too Happy With the iOS 26 Liquid Glass Design

E-Mobility in Kenya Gets a Lift with New Bike Financing Program

This Samsung Security Update Could Change How You Use Your Phone

TECNO Joins Tri-Fold Race With Ultimate G Fold Concept Phone

Microsoft Makes Edge 40% Faster in a Bid to Lure Chrome Users

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.