Because of the importance of maintaining a level of online security, it may be challenging to keep account of all your credentials. LastPass was created in 2008 with the intention of making life simpler, but it has since earned bad notoriety. It’s the second security breach the company reported in the last six months. If you go further, you’ll see that this has been a recurring problem with LastPass for quite some time.
The current blog post from LastPass claims that the company’s security team has been keeping an eye out for any suspicious behavior in the cloud storage service it maintains with its associate brand GoTo. The group’s investigation revealed that the unidentified intruders had already breached the network in August 2022 and utilized information stolen then to gain entry to the system again. LastPass denied that users’ data was compromised during the attack at the time. However, they have now shown proof to the contrary.
According to LastPass
LastPass claims to have notified authorities and is still investigating the extent of the most recent hack. That’s where things become a little tense, however. LastPass claims that hackers accessed “some pieces” of user data, but the company has only supplied details about one piece of data—user passwords—which is undoubtedly crucial. Passwords in LastPass are encrypted and cannot be accessed in their original form. Thus, it is very improbable that the hackers would’ve been able to access user accounts even if they were able to get such information.
For such a young firm, LastPass has had quite a few security issues. LastPass was a popular password management service that was targeted by hackers in 2011. At the time, customers were forced to reset their primary passwords. Once again, this occurred in 2015, prompting LastPass to upgrade its encryption. As revealed by security experts, critical flaws were addressed in 2016, 2017, as well as 2019. The business attributed credential stuffing to a spike in attempted hacking last year, prompting customers to alter their master passwords. People who were hacked into LastPass insisted, nevertheless, that their details were different from everyone else’s. There was never any resolution to the matter, and now we find ourselves in 2022 with not one but two separate LastPass hacks.
Account security using passwords is flawed. Either you use complicated passwords that need to be managed by a third party, or you don’t use any passwords at all. Possible outcomes include being hacked either way. It’s easy to see why IT giants like Microsoft and Google are striving to eradicate the need for passwords.