Keeping track of all your passwords can be challenging, especially if you routinely choose complex, unique passwords to maintain a bare minimum of online security. LastPass was established in 2008 with the intention of simplifying things, but it is gaining a bad reputation. The company recently disclosed that it had experienced a security breach, the second in the past six months. And if you go further back, this keeps happening to LastPass.
In its most recent blog post, LastPass reported that its security team had recently detected unusual activity in a cloud storage account it shares with its partner company GoTo. The team's investigation revealed that the unidentified attackers had gained access to the system using information obtained in the earlier August 2022 breach. LastPass initially maintained that there was no evidence that breach involved access to user data, but there is now.
LastPass says it has notified law enforcement and is still trying to determine the exact extent of the most recent intrusion. There is some friction there, though. LastPass has stated that "certain elements" of customer information were accessed by the attackers, but it has not provided any additional information beyond the customer passwords, which are undoubtedly the crucial part. LastPass encrypts all user passwords and does not have the means to decrypt them itself. It is therefore unlikely that the attackers could read the user account data even if they had managed to copy it.
For a small company that has only been around since 2008, LastPass has a long history of security flaws. In 2011, attackers obtained user information from LastPass, and users had to change their master passwords as a result. It happened again in 2015, the year that LastPass introduced stronger encryption. Security researchers discovered severe flaws in 2016, 2017, and 2019, all of which were fixed. Just last year, users had to update their master passwords after fraudulent login attempts that the company attributed to credential stuffing. However, many of those affected asserted that their LastPass credentials were unique. That case was never resolved, yet here we are in 2022 with two LastPass breaches.
Passwords are an inadequate method of account security. You either pick secure passwords that a third party must manage, or you make them short and basic. Either way, you might get hacked. It makes sense that Microsoft, Google, and other companies would want to eliminate passwords.