LastPass admits to customer data breach caused by previous breach
If you’ve ever wondered what it’s like to be the victim of a data breach, here’s a good place to start.
In other words, even if the criminals weren’t able to dig around in customer records directly from the account of the developer who got infected by malware back in August, it seems that the crooks nevertheless made off with internal details that indirectly gave them, or someone to whom they sold on the data, access to customer information later on. LastPass insisted that the developer’s account hadn’t given the criminals access to any customer data, or indeed to anyone’s encrypted password vaults. In short, even if it ultimately turns out that the crooks could have made off with personal information such as home addresses, phone numbers and payment card details (though we hope that’s not the case, of course), your passwords are still as safe as the master password you originally chose for yourself, which LastPass’s cloud services never ask for, let alone keep copies of.
Source read time: 3 min - nakedsecurity.sophos.com
Also offered in: Nederlands