{"id":130742,"date":"2022-12-23T03:17:55","date_gmt":"2022-12-23T03:17:55","guid":{"rendered":"https:\/\/appleinsider.com\/articles\/22\/12\/23\/hackers-obtained-lastpass-customer-data-vaults-in-recent-data-breach?utm_medium=rss"},"modified":"2022-12-23T03:17:55","modified_gmt":"2022-12-23T03:17:55","slug":"hackers-obtained-lastpass-customer-data-vaults-in-recent-data-breach","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2022\/12\/23\/hackers-obtained-lastpass-customer-data-vaults-in-recent-data-breach\/","title":{"rendered":"Hackers obtained LastPass customer data vaults in recent data breach"},"content":{"rendered":"<div class=\"col-sm-12\" id=\"article-hero\" aria-labelledby=\"hero-cap\" role=\"figure\"> <a href=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/12\/hackers-obtained-lastpass-customer-data-vaults-in-recent-data-breach.jpg\"> <img decoding=\"async\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/12\/hackers-obtained-lastpass-customer-data-vaults-in-recent-data-breach.jpg\" alt> <\/a> <\/div>\n<div class=\"col-sm-12\">\n<p> <em> AppleInsider may earn an affiliate commission on purchases made through links on our site. <\/em> <\/p>\n<\/div>\n<p class=\"col-sm-12 article-lead\">LastPass informs users that the August data breach gave hackers access to users&#8217; names, addresses, and data vaults.\n<\/p>\n<div class=\"col-sm-12\">\n<p>On November 30, LastPass <a href=\"https:\/\/appleinsider.com\/articles\/22\/12\/01\/a-new-lastpass-hack-was-caused-by-augusts-stolen-data\">notified users<\/a> that it was investigating an August &#8220;security incident&#8221; leading to user data theft.\n<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>Now, the LastPass CEO Karim Toubba has posted <a href=\"https:\/\/blog.lastpass.com\/2022\/12\/notice-of-recent-security-incident\/\">a blog<\/a> informing users of the extent of what was stolen. <\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>&#8220;To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,&#8221; the blog post reads.\n<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>The hacker also created a copy of customer vault data, which the company maintains is &#8220;stored in a proprietary binary format.&#8221; Some vault data, like website URLs, is not encrypted. Other data, like usernames and passwords, are &#8220;secured with 256-bit AES encryption,&#8221; which the company maintains cannot be decrypted by hackers.\n<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>&#8220;[Encrypted data] can only be decrypted with a unique encryption key derived from each user&#8217;s master password using our Zero Knowledge architecture,&#8221; Toubba writes. &#8220;As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.&#8221;\n<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>While the company claims that it would be highly unlikely that the hackers could decrypt the data, it warns users that they could be targeted by phishing or social engineering attacks.\n<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>LastPass has come under fire for questionable security practices in the past.\n<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>In December 2021, LastPass members reported <a href=\"https:\/\/appleinsider.com\/articles\/21\/12\/28\/lastpass-master-passwords-may-have-been-compromised\">multiple attempted logins<\/a> using correct master passwords from various locations. The company assured customers that attacks were a result of passwords leaked in third-party breaches.\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>AppleInsider may earn an affiliate commission on purchases made through links on our site. LastPass informs users that the August data breach gave hackers access to users&#8217; names, addresses, and data vaults. On November 30, LastPass notified users that it was investigating an August &#8220;security incident&#8221; leading to user data theft. Now, the LastPass CEO [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":130743,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[],"class_list":["post-130742","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apple-insider"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/130742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=130742"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/130742\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/130743"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=130742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=130742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=130742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}