Shulou(Shulou.com)11/24 Report--

CTOnews.com, December 23, Karim Karim Toubba, CEO of password management tool LastPass, said in an updated blog post today that he is still investigating the cyber security attack at the end of November this year and has confirmed that hackers have stolen users' names, addresses, e-mails, phone numbers and other information.

CTOnews.com learned that in this blog post, he wrote:

Our current survey results show that the hackers obtained the cloud storage access key and the dual storage container decryption key, and copied the information containing the customer's basic account information and related metadata from the backup, including the company name, end user name, billing address, e-mail address, phone number, and the IP address where the customer accessed the LastPass service.

To make matters worse, in this security incident, the user's password base was also copied by hackers.

Hackers can copy backups of customer password library data from encrypted storage containers, which are stored in proprietary binary formats, including not only unencrypted data such as website URL, but also fully encrypted sensitive fields, including website usernames and passwords, security notes and form fill-in data.

These encryption fields maintain the security of 256bit AES encryption and can be decrypted only by using the unique encryption key obtained from each user's master password using our zero-knowledge architecture. One thing to remind you is that LastPass will never know the master password, and LastPass will not store or maintain these passwords. The encryption and decryption of the data is performed only on the local LastPass client. For more information about our zero knowledge architecture and encryption algorithms, please visit here.

Although the user's password base is still protected by their master password, hackers may attempt brute force, phishing, or social engineering attacks. Therefore, if you have used or are still using LastPass, it is recommended to change your password.

LastPass said its investigation was ongoing and was "committed to keeping you informed of our findings and updating you on the actions we are taking and any actions you may need to take".

Related links:

"related to the August incident, data leakage occurred again in password management tool LastPass"

"LastPass admits that the source code was stolen by hackers, but does not disclose user data."

"LastPass has been hacked, and CEO ensures that there is no user data disclosure."

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.