LastPass Hacked, A hacker breached password manager, although initial examination suggests no customer passwords were compromised.
LastPass emailed clients on Thursday about the two-week-old vulnerability.
“An unauthorised party gained access to portions of the LastPass development environment through a single compromised developer account,” the firm said.
We have no evidence that client data or encrypted password vaults were accessed, the statement said.
The company adopted “containment and mitigation measures” and recruited a top cybersecurity firm to investigate. All Last Pass products and services are working properly despite the hack, according to a company FAQ.
Last Pass hasn’t disclosed other details when doing forensics. The stolen private data may allow thieves to exploit weaknesses in the company’s password management solutions.
The company’s FAQ says LastPass doesn’t save customers’ “Master Passwords” for accessing their accounts. Instead of passwords, the company uses a “zero-knowledge” encryption mechanism. Only the customer’s device stores the Master Password.
The company’s FAQ says, “We don’t recommend any action for users or administrators.” For enhanced account security, enable multi-factor authentication. LastPass will update consumers on the inquiry.
Neil J. Rubenking received the email but isn’t concerned. Even if encrypted password vaults were accessed, “The password would prevent entry. LastPass never stores your password, only a hash “saying