1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Bad news - LastPass owner confirms customer backups were stolen

    From TechnologyDaily@1337:1/100 to All on Wed Jan 25 10:15:03 2023
    Bad news - LastPass owner confirms customer backups were stolen

    Date:
    Wed, 25 Jan 2023 10:04:54 +0000

    Description:
    Encrypted backups of a number of services, including Central, Pro and
    join.me, were taken.

    FULL STORY ======================================================================

    Another update on the recent LastPass data breach has revealed even more potentially bad news for users of the password manager .

    Paddy Srinivasan, CEO of LastPass parent company GoTo revealed in a blog post that the attackers who targeted third-party cloud storage service shared by both firms managed to exfiltrate encrypted backups related to a number of products.

    These products include Central, Pro, join.me, Hamachi, and RemotelyAnywhere. Encryption key taken

    Besides encrypted backups, the attackers also exfiltrated an encryption key for a portion of the encrypted backups, Srinivasan added.

    The data that is now at risk includes account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, and some product settings and licensing information. Credit card or banking details were not affected. Birth dates, home addresses, and Social Security numbers, were also said to be secure, as GoTo doesnt store any of these.

    Furthermore, a small subset of Rescue and GoToMyPC users have had their MFA settings impacted. Encrypted databases, however, were said to not have been taken. Read more

    Check out the best business password managers today


    LastPass confirms customer password vaults were stolen


    LastPass is being sued following major cyberattack

    While all of the account passwords were salted and hashed in accordance with best practices, GoTo still reset the passwords of affected users, and had
    them reauthorize MFA settings, where possible. The CEO also said the company is migrating affected accounts onto an enhanced Identity Management Platform to provide additional security and more robust authentication and login-based security options.

    The affected customers are being reached out to directly, Srinivasan confirmed.

    LastPass first reported suffering a data breach in November 2022. An initial investigation determined that the hackers managed to steal customer vaults, essentially databases containing all of their passwords. The vaults
    themselves are encrypted, however, meaning the crooks will not have such an easy time reading their contents.

    These encrypted fields remain secured with 256-bit AES encryption and can
    only be decrypted with a unique encryption key derived from each users master password using our Zero Knowledge architecture, LastPass CEO Karim Toubba had said. As a reminder, the master password is never known to LastPass and is
    not stored or maintained by LastPass. Check out our list of the best ID theft protection solutions right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/bad-news-lastpass-owner-confirms-customer-backu ps-were-stolen


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)