The LastPass security breach controversy continues. After an independent security analyst described statements made by LastPass as “half-truths and outright lies,” rival password management company 1Password has also weighed in …

LastPass claimed that cracking users’ master passwords would take millions of years, but 1Password says that this isn’t true for most users. Indeed, it says, it would cost just $100 to crack the master password of a typical LastPass user.

Background

A LastPass security breach was revealed back in August. At the time, the company said that no customer data was accessed.

Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.

Instead, said LastPass, an attacker took part of its source code and “some proprietary LastPass technical information.”

However, it subsequently emerged that the attacker then used this information to gain wider access to LastPass systems, and was then able to access customer data.

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.

LastPass last week revealed the extent of that data – and it was far worse than had been suspected.

The company has shared that copies of customers’ password vaults were obtained along with names, emails, billing addresses, phone numbers, and more.

The company went to great pains to point out that the password vaults used strong encryption, and could not be accessed without customers’ master passwords.

These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.

However, independent security analyst Wladimir Palant this week took issue with no fewer than 14 of the claims made by LastPass, describing them as “full of omissions, half-truths and outright lies.”

In particular, he said it wasn’t true that it would take “millions of years” to crack master passwords and get access to all of a customer’s logins.