LastPass got hacked again! Yes, hackers managed to cross the security barriers twice in the same year. The first incident occurred in August, and this time they managed to gain access to third-party cloud storage and steal user data from there.
There is very little chance that you do not know LastPass. It is one of the most popular password manager services and caters to 33 million users worldwide. But for a company that stores the passwords of so many people, getting hacked twice points to a deep-rooted flaw in security implementation.
Are my LastPass passwords safe?
It is the question that pops into every user’s mind who trusted LastPass with their passwords. The company announced the news of the new attack on Twitter and assured that the passwords were safe. It is because of their zero-knowledge architecture, which doesn’t save the master password created by the user. So, no one except you can access your LastPass passwords.
But it is just an assurance. No company claims that its product is vulnerable to threats. Moreover, the recent attack is a result of the data obtained during the first attacks. Hackers used the data to gain access to the cloud storage and then steal customer data. LastPass hired Mandiet to check out the details of the breach and the extent to which the damage occurred.
Even if LastPass says that your passwords are safe and sound, personal data being stolen is no joke. Hackers can use that personal data to target customers or sell it to the highest bidder. Moreover, since the last attack, there hasn’t been a robust repatching of security measures which resulted in a second breach.
For a company that has over 100,000 businesses as its customers, a hack like this is concerning. LastPass removed many features from its free tier in 2021 and has since then been in news for all the bad reasons. These two recent hacks showcase how little any firm thinks about data safety and the need for cybersecurity engineers today. Moreover, these hacks may compel many users to shift to another password manager app.