Yahoo’s senior information security engineer Jeremi Gosney (opens in new tab) is also extremely critical of the response from LastPass, as well as its general approach to security.
Wladimir Palant (opens in new tab), security researcher and creator of AdBlock Plus, says that “The statement is full of omissions, half-truths and outright lies.” Senior security researcher John Scott Railton (opens in new tab) considers the hack a far more grave threat than reported – both to individual users as well as companies that employ LastPass for corporate password management. Noted cybersecurity experts have queries about LastPass’ recent updates. It may be cold comfort, but at least users of Join.Me, Central, Remotely Anywhere, and Hamachi haven’t lost every single one of their most sensitive passwords to criminals. The overall damage may be relatively less severe for users of these four services, because the exposed passwords and data largely relate to customer activity on a single service. The company has also reset potentially compromised passwords, reauthorized hacked MFA settings where applicable, and migrated affected accounts into an enhanced “Identity Management Platform, which will provide additional security with more robust authentication and login-based security options.” GoTo (opens in new tab) stated that they are reaching out to affected customers directly with updates and recommendations for next steps to user safeguard accounts. All of those encrypted backups and encryption keys are also now in the hands of hackers, who can use all of the private information to disrupt other parts of your digital life. The above risks apply equally for users of other hacked GoTo products, Central, Remotely Anywhere, and Hamachi. However, LastPass claims it would be extremely difficult – taking up to “millions of years” (opens in new tab) – to brute force guess master passwords for those customers who have followed their password best practices (opens in new tab). But how many customers have done that? Risks for other GoTo product users That means full access to your emails, bank accounts, healthcare data, tax information, social media accounts – you name it.Īccording to LastPass, hackers may attempt to use brute force to guess your master password and decrypt the copies of vault data they took. Should they manage to crack your master password, they can take over your online life.
Hackers now have a copy of your entire password vault. All 30 million LastPass (opens in new tab) users, with data stored on the company servers as of August 2022, are at risk.
0 kommentar(er)
