According to LastPass, the hacker gained access to a third-party cloud storage service that it uses to store customers’ encrypted data.
Password managers make it extremely convenient to manage passwords for the multitude of websites, accounts, and other services that people use today. There are many password management apps and services out there, but very few of them offer a good experience like LastPass without paying any fees.
However, LastPass has just said it is a victim of cybercriminals , who have gained access to a wide range of data, including passwords used by customers.
According to the description, the threat actor now has a backup copy of the user’s LastPass archive, which may include web logins, credit card numbers, and other important information.
LastPass says users’ data will be safe as long as they use a strong enough master password, as it’s not easy to decrypt that data with LastPass’ 256-bit encryption.
The company is also urging users to change their master password for added security and is also reminding users not to use their master password (used for LastPass) on other services and websites.
Because if those passwords are compromised before, malicious actors can easily gain access to the victim’s LastPass account. This is the second time this year the service has warned users for being a victim of hackers.