Last Pass Data Breach: Four Things You Should Know

Close-up of a cell phone being held up in front of a laptop. The cellphone display reflects a static Last Pass company logo.

Last Pass is a company know for being a reliable and easy to use password manager. However, the past few months have been rough for the company. They experienced a data breach in August, and that brought in yet another data breach in November. The November data breach is even more significant because hackers were able to access the password vaults of users. 

How many people were affected by the Last Pass data breach?

The company did not provide specifics, however it’s suspected that around 33 million users and more than 100k business accounts were affected by the data breach. It’s a significant issue, one that pushed Last Pass to release a statement acknowledging the problem and sharing the type of solutions they are integrating to solve such an issue.

Were any master passwords stolen?

According to Last Pass, these fields are encrypted with 256-bit AES encryption. They can be decrypted only with the unique decryption key that comes from the master password. The company uses their own Zero Knowledge architecture to prevent any issues, and thus the master password is never known to Last Pass, nor do they maintain it. Instead, only the local client for Last Pass knows the information. In doing so, it allows you to keep all that data safe and not worry about any repercussions or challenges.

Was any credit card data accessed during this data breach?

Last Pass states that there is no evidence that unencrypted credit card data was accessed. According to the company, they are not storing credit card info or credit card numbers in their cloud storage environment. 

What did the hackers access during this breach?

It seems that the hackers accessed usernames, passwords, company names, but also IP addresses from which clients accessed the password locker system. This is just what was made public, but the reality is that even more information might have been compromised. Since the company admitted that attackers have user passwords, that shows it’s a very good idea to change those passwords and even the master password just to be safe.

It seems that an employee account was compromised in order to gain authorized access to the development side of Last Pass. So aside from the customer data that was stolen, hackers might have access to some upcoming features as well. As we mentioned earlier, this is the ideal time to change your passwords. Asking Last Pass for assistance and guidance in order to protect your info might be a good too!

In other news…RSA Unveils Unique Solution For Mobile Device Security

Related Posts