New Delhi: Encrypted password manager LastPass has admitted that hackers were able to “copy a backup of customer vault data,” in a recent data breach.
LastPass is a freemium password manager that stores encrypted passwords online.
In a statement, the company said that the threat actor “was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data”.
It means that the threat actor may attempt to use brute force to “guess your master password and decrypt the copies of vault data they took”.
The threat actor may also target customers with phishing attacks, credential stuffing, or other brute force attacks against online accounts associated with “your LastPass vault”.
Also Read The Guardian confirms ransomware attack on its IT Infrastructure “In order to protect yourself against social engineering or phishing attacks, it is important to know that LastPass will never call, email, or text you and ask you to click on a link to verify your personal information,” the company added.
Related stories
Subscribe
- Never miss a story with notifications
- Gain full access to our premium content
- Browse free from up to 5 devices at once
Latest stories