Password manager with 25 MILLION users breached in mysterious cyber attack

One of the world’s most popular password managers has been hacked by cyber crooks.

LastPass, which has 25 million users, confirmed the breach on Monday, although user data appeared unaffected.

One of the world's most popular password managers has been hacked

1

One of the world’s most popular password managers has been hackedPhoto credit: Getty

That means the attackers didn’t access the millions of passwords stored on the service, according to the company.

Instead, source code and “proprietary technical information” were stolen in the breach, said LastPass CEO Karim Toubba.

That’s not good news for the company itself and could open it up to more cyberattacks in the future.

I was with Married At First Sight UK and this is how you plan your wedding
Pupils to be beaten with wooden bats while schools bring back corporal punishment

However, this means that its users’ passwords are safe for now.

That’s because users’ Master Passwords are never stored on the company’s servers.

These are the credentials users use to access their LastPass accounts.

“LastPass can never know or access our customers’ Master Password,” Toubba said.

“This incident did not compromise your Master Password.”

As such, LastPass says users don’t need to take any action regarding their password vaults.

LastPass said it has hired a leading cybersecurity and forensics company to investigate the matter.

It added that there was no evidence of any other malicious activity.

Password managers have grown in popularity in recent years, with Apple, Google, and other tech giants all running their own versions.

They make it easy to use unique strong passwords across multiple accounts, which is an important first step in staying safe online.

However, their rising popularity has made the services a major target for hackers.

Breaking into a password manager’s servers could theoretically give attackers access to any password on your accounts.

Experts advised LastPass users to enable multi-factor authentication (MFA) settings to ensure their accounts are secure.

This adds an extra layer of security by prompting you, for example, to enter a code that will be sent via SMS or email when you log into your account.

Tom Davison, a mobile security expert at cyber firm Lookout, said Information SecurityBuzz: “It does not appear that user data or password vaults were compromised in this case, however, source code has been confirmed to have been stolen and attackers will be intensively searching for potential vulnerabilities to exploit.

“LastPass users should remain vigilant, following the news and looking for any unusual activity or login notifications in their accounts.

I was with Married At First Sight UK and this is how you plan your wedding
Pupils to be beaten with wooden bats while schools bring back corporal punishment

“It’s really important to configure all available LastPass MFA settings, including using an authenticator app to secure logins.

“For most users, additional MFA verifications will be performed via a mobile device – it’s important that this is secured as well.”

The best tips and hacks for phones and gadgets

blank

Looking for tips and hacks for your phone? Want to find these secret features in social media apps? We’ve got you covered…

Get the latest news about WhatsApp, Instagram, Facebook and other tech gadgets here.


We pay for your stories! Do you have a story for The Sun Online Tech & Science Team? Email us at tech@the-sun.co.uk


https://www.thesun.ie/tech/9330116/password-manager-25million-users-breached/ Password manager with 25 MILLION users breached in mysterious cyber attack

Fry Electronics Team

Fry Electronics.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@fry-electronics.com. The content will be deleted within 24 hours.

Related Articles

Back to top button