The recent security issues at LastPass, a popular password management vault, have only gotten worse. Despite reporting a security breach back in August 2022, ongoing hacking attempts have finally succeeded in penetrating the company’s security.
In December 2022, LastPass released an update on the extent of the problem. Hackers were able to access the company’s security vaults and obtain a significant amount of user data, including end-user names, company names, addresses, email addresses, telephone numbers, and user IP addresses. While LastPass claims that no credit card data or master passwords were compromised, the hackers were able to copy a backup of customer vault data, which includes unencrypted URL records of users and copies of encrypted data such as website usernames and passwords.
This means that the hackers now know where users have been and who they are. LastPass is used by over 33 million people and 100,000 businesses, according to the company’s own numbers.
The initial security breach in August was the result of malware that was installed on a LastPass developer’s device, allowing the hackers to access the company’s source code repository. In November, LastPass discovered more activity related to the August hack, when an unauthorized party gained access to certain elements of customer information.
Despite these issues, LastPass assures that important customer data remains secure, but recommends changing the master password and being vigilant against phishing attacks or blackmail attempts. The company is continuing to monitor the incident and has notified law enforcement and relevant regulatory authorities.