Update on the Last Pass data related incident
23.12.2022Back to news
The data leak, which happened in August turned out to be much more serious that it was believed initially. The password manager developers notified that intruders managed to obtain personal data, including encrypted passwords.
According to the official statement by the company representatives, the following information was illicitly obtained:
• end-user names
• company names
• physical addresses
• phone numbers
This time the intruders managed to access a loud-based storage environment using data collected in the previous attack. Basing on the results of the internal investigation it was found out, that attackers managed to access users’ vault data containing such info as URLs, encrypted logins and passwords, secure notes, and form-filled data.
The most confidential fields are protected with the help of 256-bit AES encryption which can only be decrypted with a unique encryption key derived from each user’s master password. Thus, it must be very reliable and must not be used anywhere else.