The popular password manager LastPass admitted that the company suffered from a cyber-attack. In August this year, they addressed the incident by saying that their internal source code got into hackers’ hands.
LastPass users have been notified that the company took all the security measures to protect vault data.
“After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”
LastPass representatives
However, in December this year, they confessed that hackers had managed to get an essential piece of users’ information including full names, payment addresses, phone numbers, company names, etc.
LastPass representatives emphasize the fact, that leaked data is still secured by 256-bit AES encryption. The only way hackers can decrypt it is to get a master password from each user. The company claims they do not store such passwords. Well, time will show.
The most interesting part is that LastPass work with on-premise data centers, but they have cloud-based storage where the company store backups. And guess what? This storage is physically remote from their production place.
If you want to learn more about cloud services and self-hosted solutions’ advantages or possible issues, read this post:
What to do if you are a LastPass user?
- Replace your current master password with a stronger one. Perhaps, change all the other passwords in the vault too.
- Try looking for an alternative whose privacy measures do not include third-party cloud-based storage.
- Write all the passwords in a paper notepad like in good old times? 🙂