From the LastPass blog Today December 23
"To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,"
The vaults are encrypted, BUT
the encryption is proprietary and a previous LastPass breach stole source code.
AND LastPass customers can expect an increase in phishing and other attacks
No comments:
Post a Comment