Three days before Christmas in 2022, LastPass, a company that promises to keep your passwords safe, handed its 33 million customers a lump of coal. Karim Toubba, the chief executive officer of LastPass, warned in a December 22nd blog post about a data breach in which hackers copied a backup of customer vault data, resulting in potentially millions of passwords falling into the hands of cybercriminals.

While it’s appalling that LastPass chose to be a Grinch and drop the bombshell notice during a festive period, when people are rejoicing with family and businesses are closed for the holidays, LastPass’s advice to customers whose vaults were hacked was equally shocking: maybe do nothing.

According to Mr. Toubba’s blog post, the hacked password vaults were encrypted, and the data secure, as long as the customer’s master password conformed to LastPass’s “default settings” and the customer followed the company’s “password best practices.” LastPass customers use a master password to log into their LastPass account. According to Mr. Toubba’s post, it would take cybercriminals “millions of years” to guess the master password for customers with a strong master password of at least twelve characters in length. So customers using a strong, unique master password are probably out of the woods, as Mr. Toubba’s post recommended that customers never reuse the master password for other websites; otherwise, cybercriminals could use a stolen password from a breached website to access the customer’s LastPass account (a cyberattack known as “credential stuffing”).