LastPass, one of the leading ones Companies διαχειριστών κωδικών πρόσβασης, ανακοίνωσε ότι οι hakers απέκτησαν πάρα πολλά privacy belonging to its customers, encrypted – hashed passwords as well as other data stored in its databases.
The revelation, which published on Thursday, comes as an update on a LastPass breach that was disclosed in August. At the time, the company said that someone gained unauthorized access through a single compromised developer account to parts of the password manager's development environment and "took parts of the source code and certain LastPass proprietary technical information”.
The company said at the time that customers' master passwords, encrypted passwords, personal information and other data stored in customer accounts were not affected.
In Thursday's update, the company said the hackers accessed personal information and related metadata, including company names, end-user names, billing addresses, email addresses, phone numbers and IP addresses that customers used to access LastPass services. The hackers also downloaded a backup copy of customer data that included unencrypted data such as website URLs and encrypted data fields such as usernames and website passwords, secure notes and data filled in forms.
“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from the master code access by each user using the Zero Knowledge architecture,” said LastPass CEO Karim Toubba, referring to the Advanced Encryption Scheme which is considered strong.
The update said that in the company's investigation so far, there is no indication that the hackers gained access to unencrypted credit card data. LastPass claims it does not store credit card data in its entirety, and the credit card data it does store is kept in a different cloud storage environment than the one accessed by the hackers.
