Business and personal users of the LassPass password management solution are being warned to take defensive action after the company acknowledged customer information and encrypted data they had stored in the service’s digital vault were copied by a hacker in a supply chain attack. «Users should beware of sophisticated phishing attacks aimed at stealing their
Business and personal users of the LassPass password management solution are being warned to take defensive action after the company acknowledged customer information and encrypted data they had stored in the service’s digital vault were copied by a hacker in a supply chain attack.
“Users should beware of sophisticated phishing attacks aimed at stealing their master password,” said Mike Walters, vice-president of vulnerability and threat research at Action1, a provider of patch management solutions. “An attacker can pretend to be LastPass, regulatory authorities, and other organizations and trick users into sharing their credentials. Remember, modern phishing can go beyond average emails and combine different communication channels, such as phone calls, SMS, messengers, and others.
