One of the most widely used password managers globally, was the victim of an attack by cybercriminals. We are talking about LastPass, one of the safest sites in the Android system, which has seen the data of all its users at risk.
The company has indicated through its official blog that it has been the victim of a massive data theft, due to the fact that a third party has been able to access its cloud storage service where the backup copies of said data are stored. The manager pointed out that the attackers “obtained the access key to the cloud storage and the decryption keys of the dual storage container”, they made a copy of all the data present in the cloud, among which are: the names companies, end-user names, billing addresses, email addresses, phone numbers, and IP addresses from which customers accessed their passwords in LastPass.
Also read: WhatsApp will allow you to recover deleted messages
With this information, the company maintains that cybercriminals could have accessed the passwords that users have stored in their vaults. However, LastPass claims that the keys are safe as they are protected with 256-bit AES encryption that can only be cracked by a unique encryption key derived from each user’s master password, which is not stored in the platform servers.
To prevent user passwords from being compromised, the company recommends that users review their master password and advise that it be at least 12 characters long and that it has not been reused as a password for other websites.