- LastPass said hackers obtained information including cloud storage access keys, company names, user names, contact details, and IP addresses.
- On 25 Dec, the LastPass hackers started sending phishing SMS messages asking users to upgrade OKX.
- LastPass warns users to never reuse their master password on any other website.
In an official blog post dated 22 December, password management tool LastPass admitted that attackers stole source code and technical data from its development environment.
LastPass said the hackers got hold of cloud storage access keys and copied information including company names, user names, billing addresses, email addresses, phone numbers, and IP addresses.
On 25 December, the LastPass hackers started sending phishing text messages to users asking them to upgrade OKX. Many Twitter users complained about receiving the text messages.
1/ Can confirm: After LastPass security breach I started receiving phishing SMS to a fake OKx telling me to upgrade my account.
It means the hacker knows 2 things:
1. My phone number
2. That I use OKx https://t.co/t3SEdlQe6h pic.twitter.com/eIXwgJ2Mw9
— Ignas | DeFi Research (@DefiIgnas) December 24, 2022
In its blog post, LastPass added that the hackers also copied customers' vaults and their details. After the hackers stole information from LastPass's development department, an employee was targeted. The hackers then stole credentials and keys to open cloud storage volumes belonging to LastPass.
LastPass claimed:
Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices. We routinely test the latest password cracking technologies against our algorithms to keep pace with and improve upon our cryptographic controls.
LastPass has warned users to never reuse their master password on any other website.
CEO Karim Toubba added that the firm is taking all sorts of measures, including adding more logging to detect suspicious activity in the future, recreating its development environment, rotating credentials, and so on.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.