A significant data breach at popular password manager LastPass has put customers' data and internet passwords at risk.
LastPass CEO Karim Toubba confirmed in a blog post published in late December that a security problem the company previously disclosed in August had ultimately resulted in the theft of sensitive vault data and customer account information by an unauthorized person. The problem is the most recent in a long, worrying line of security occurrences involving LastPass that go all the way back to 2011.
It gets to be more concerning as this goes on.
According to Toubba, unencrypted subscriber account data like LastPass usernames, company names, billing addresses, email addresses, phone numbers, and IP addresses were accessible to an unauthorized party. The data from client vaults, which includes both encrypted and unencrypted information including usernames and passwords for all the websites that customers have saved in their vaults, was also stolen by the same unauthorized entity. While they say the encrypted should remain safe, it is better to expect that a risk still remains there.
If you use LastPass, you should consider switching to a new password manager due to the seriousness of this breach, which puts your passwords and personal information at danger.
The number of users who were impacted by the breach was not disclosed by the company. However, if you use LastPass, you must assume that your user and vault data are in the possession of an unauthorized person who has bad intents. Despite the fact that the most critical information is encrypted, the threat actor can still conduct powerful assaults on the stolen local files. If you've adhered to LastPass's best practices, it would reportedly take "millions of years" for someone to guess your master password.
If you haven't changed your individual passwords as of yet, you better get started on it this week.
