![]() For example, if someone has a password for Bank of America’s website, they might have an account there, and would be an excellent target for phishing emails that look like account alerts from the bank. Someone with the leaked data would be able to see all the websites that were associated with passwords, then use that for more targeted phishing. Names and billing addresses can be used in more attacks, and the website addresses for stored passwords were not encrypted. LastPass just disclosed the full scope of the attack, following an “ongoing investigation.” The hacker was able to access a cloud storage environment using data from the August security breach, which included “basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.” Credit card information was apparently not accessed.Įven without the master password, the leaked data could be damaging for some LastPass users. Later in December, LastPass confirmed a hacker was able to use that data to “gain access to certain elements of our customers’ information.” The company didn’t clarify what “certain elements” meant, until now. LastPass suffered a security breach back in August, when a hacker gained access to development environments and was able to steal source code and other proprietary information. ![]() Now the company has confirmed the last one was really bad. LastPass used to be one of the best password managers, but more recently, its reputation has taken a hit from multiple security breaches.
0 Comments
Leave a Reply. |