LastPass revealed that attackers had stolen customer vault data. Fortunately, the stolen vaults had been encrypted using the customer’s master key, which is never known to LastPass. However, the attackers might attempt to brute-force the passwords to gain access to the contents of the stolen vaults. The hackers stole the data by gaining access to LastPass’ cloud storage service, which is used to store archived backups of production data. They got access by using the access and decryption keys that were stolen during the August 2022 incident.

This segment was created for the It’s 5:05 podcast.