In the original report about the data breach incident discovered in August, LastPass said that „only“ the company’s source code and proprietary information were compromised. Users‘ data.
Facepalm: LastPass, one of the most popular password manager services out there, was breached this past August. The company is now saying that the damage done by the unknown hackers is much worse than was initially assessed. Users should change their passwords asap.
In the original report about the data breach incident discovered in August, LastPass said that „only“ the company’s source code and proprietary information were compromised. Users‘ data and passwords remained safe and unsoiled. Now, a follow-up security notice on that same incident is saying otherwise: the malicious actors were able to access some users‘ data too.
The black hat hackers obtained the cloud storage access key and dual storage container decryption keys, LastPass says. With the stolen keys, they were able to further compromise the platform’s security by copying a backup that contained „basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.