LastPass is considered one of the best known password managers where we can store and keep our data safe. Despite considering themselves industry leaders, they suffered a hack and password vault theft. This implies that basically the passwords of the users were stolen, something that the company denied at first. Now, after several months since what happened, they finally reveal that the LastPass password theft it was because the hackers broke into an employee’s PC.
Every time we create an account on a website, application or game we have to remember our username and password. When we have one or two different accounts, nothing happens, since it is easy to remember. But the vast majority of users use dozens of applications, programs, games or websites throughout their lives. Here we have an option that many use, which is to use the same password on most siteswhich it is not recommended. Therefore, the most optimal thing is that we make use of a password manager and thus not having to remember each of these accounts.
LastPass explains how hackers stole the password vault
LastPass called itself the leading password manager from the market, but in 2021 rumors of a possible theft began to emerge. Back then, they said the company had suffered a data breach, allowing hackers to break in and steal user data. LastPass denied all the facts and assured that none of this had happened and the passwords were safe. Months later a hack was confirmed to the password manager, which made a dent in that reputation and reliability that they wanted to demonstrate.
Near the end of 2022, the CEO of the company claimed that hackers had gotten steal password vault. Now that a few months have passed, they explain that this happened when the hackers infiltrated an engineer’s personal computer DevOps of the company. They did it by using a multimedia software from third parties who have been implanted with a keylogger. Thanks to this, they were able to get the master password from the engineer to access the corporate LastPass vault.
Hackers took encrypted sensitive data
As stated in December 2022, LastPass has reconfirmed that password hacking and customer data theft they are encrypted and cannot be accessed. As he indicates, they can only be decrypted with a master password and the company does not store them in its database. It’s up to us whether or not we trust LastPass, but what has been confirmed is that the hackers managed to get it.”API secretsthird-party integration secrets, customer metadata and Backups of all the data.
Basically, confidential and sensitive data that is in your hands and we hope that that 256-bit AES encryption that they have be real. If you have ever used LastPass or are one of the users affected by the theft, we of course advise you to immediately change the password (if you haven’t already) and stop using this manager.