LastPass, a leading password manager service, announced in August that it had been hacked.
The leak was discussed over the Christmas holiday by LastPass.
LastPass said in a post at the time of the hack that there was no evidence of customer data or password vaults being accessed.
In the last three months, LastPass has made three changes to that post. The hacker was able to gain access to the backups of the customer vault.
That includes both unencrypted data, such as website URLs, as well as fully-encrypted, sensitive fields such as website usernames and passwords.
The fields can only be decrypted with a unique encryption key derived from each user's master password, according to the post.
The company does not maintain or store LastPass users' master passwords.
Though LastPass uses a minimum 12-character master password, which includes symbols, numbers and capital letters, hackers could try to get into the data using a brute force attack.
It would take millions of years to guess your master password if you used the default settings.
According to Inc, customers should be wary of phish attacks, where someone pretending to be LastPass tries to get your password.
If customers use the default settings, there are no recommended actions that you need to take.
The site says that people who don't use the default settings should change their passwords.
LastPass says they won't email or contact users to get their password information.
Password managers store online credentials within a single program. Users don't have to remember complex passwords and they can keep them.
LastPass is one of the better known password managers.
All Rights Reserved © 2024
