Hacker Attack on Popular Password Program: Many Users Should Take Action

What we know about the attack so far: LastPass claims to have noticed unusual activity within a third-party cloud storage service. An investigation was then immediately opened by a security company and the police alerted.

So far, it has been determined that unauthorized people have been able to access the cloud servers. The amount of information needed for this seems to exist already in august 2022 fell into the hands of the attackers in another incident. Unfortunately, LastPass doesn’t get more specific, but grants “access to certain information of our customers.” The ongoing investigation aims to shed light on this point.

LastPass emphasizes that passwords are securely encrypted due to the zero-knowledge architecture used. Like other password managers, LastPass encrypts passwords locally on users’ devices and only then syncs them to cloud servers. A secure master password is important, for which LastPass recommends the following criteria:
  • Longer: The longer the better, the master password should be at least 12 characters.
  • to mix together: Use a mix of upper and lower case letters, numbers and special characters.
  • Password : Passphrases are a good idea.
  • No information: Do not put any personal information in the master password, i.e. neither the names of your children nor your date of birth.

Source link