LastPass one of the password management service providers was attacked by unknown hackers who breached its server in which they were able to steal users personal information including their encrypted password vaults.
In the previous interview, the company stated that only basic information like company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses was occupied by the hackers.
However, after a long investigation of the case, it has been revealed that the attackers extracted the data from the backup was done using credentials and keys from a cloud-based storage provider that is physically isolated from its production environment.
The company further stated that the data is been protected by using 256-bit AES encryption which can only be accessed by the master password present on the user’s device.
This could give some relief to the users but they further stated that the attackers might try to force to get the master key by predicting the passwords. Or else they may use the previously used credentials present on the internet to open the accounts.
It further informed a limited group of its business customers—less than 3%—to take a particular, undefined action.
