LastPass Users Lose Master Passwords to Ultra-Convincing Scam
CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent into handing over their high-value credentials.
Attempted Audio Deepfake Call Targets LastPass Employee
Fake LastPass App Sneaks Past Apple's Review Team
Popular password management app LastPass is warning customers about a fraudulent app that uses a similar name and icon to attempt to trick LastPass...
LastPass to enforce a 12-character requirement for master passwords
Security pros say while the 12-character requirement by LastPass is a step in the right direction, teams still need to enforce multi-factor authentication and practice continuous monitoring.
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious…
LastPass breach update: The few additional bits of information
LastPass breach was aided by lax security policy, allowing accessing critical data from a home computer. Also, companies implementing federated login are also affected by the breach, despite LastPass originally denying it.
What’s in a PR statement: LastPass breach explained
The LastPass statement on their latest breach is full of omissions, half-truths and outright lies. I’m providing the necessary context for some of their claims.
Cracking encrypted Lastpass vaults
The recent (2022) compromise of Lastpass included email addresses, home addresses, names, and encrypted customer vaults. In this post I will demonstrate how attackers may leverage tools like Hashcat to crack an encrypted vault with a weak password.
Notice of Recent Security Incident
We are working diligently to understand the scope of the incident and identify what specific information has been accessed.
Lastpass says hackers accessed customer data in new breach
LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.
Notice of Recent Security Incident
We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.
LastPass breach update: The few additional bits of information
LastPass breach was aided by lax security policy, allowing accessing critical data from a home computer. Also, companies implementing federated login are also affected by the breach, despite LastPass originally denying it.
What’s in a PR statement: LastPass breach explained
The LastPass statement on their latest breach is full of omissions, half-truths and outright lies. I’m providing the necessary context for some of their claims.
Cracking encrypted Lastpass vaults
The recent (2022) compromise of Lastpass included email addresses, home addresses, names, and encrypted customer vaults. In this post I will demonstrate how attackers may leverage tools like Hashcat to crack an encrypted vault with a weak password.
Notice of Recent Security Incident
We are working diligently to understand the scope of the incident and identify what specific information has been accessed.
Lastpass says hackers accessed customer data in new breach
LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.
Notice of Recent Security Incident
We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.
Notice of Recent Security Incident
We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.