A POPULAR password manager app has released new details about a major data breach.
LastPass revealed the new worrying details on its blog and is now facing criticism from security experts.
A report from Vice even warned the outlet's readers not to ditch the app and try a new password manager.
The new LastPass blog reveals details about a “second incident” that happened during a major data breach last year.
It states: “Our investigation found that the threat actor deviated from the initial incident, which ended on August 12, 2022, but was actively engaged in a new set of intelligence, enumeration and exfiltration activities targeting the cloud storage environment from August 12, 2022 to October 26, 2022.”
It describes how a hacker accessed the home computer of one of the four engineers who had access to a cloud vault containing private customer information.
The criminal stole important access keys.
These keys are needed to access “LastPass production backups, other cloud-based storage resources, and some related critical database backups,” according to the blog.
Late last year, LastPass CEO Karim Toubba admitted that cybercriminals took “huge amounts of customer data, including names, email addresses, phone numbers, and some billing information” as part of the general security breach.
LastPass advised its customers that the best thing to do right now is to change their Master Password.
This should mean that your current LastPass vault would now be backed up.
The company noted that it would be wise to change all passwords in your vault, especially those protecting personal and important information like bank accounts.
However, some people don’t believe that simply changing your LastPass details is enough to protect your apps on iPhone or Android.
Twitter is full of tweets expressing concerns about people still using LastPass.
One person said: “1. Use a password manager (NOT LASTPASS, obv). They create unique passwords for your accounts so you don’t reuse the same one. Try @Bitwarden or @1Password (not version 8 though, it’s terrible).”
Another retweeted a post about the breach, adding, “If you use LastPass, please don’t.”
However, some experts are championing the app.
Security researcher MG tweeted, “Just to be clear: while there is much to criticize about the LastPass product, the transparency of what has been posted today is great.
“It actually gives me some hope that I didn’t have before. The attacks shown here could happen to any company.
“Most would have handled it much worse. LastPass has a much higher goal on its back than most companies, so hopefully they’re modifying the product to accommodate that.”
We reached out to LastPass for comment.