The hackers obtained information, including cloud storage access keys, as well as company and user names, contact details, and IP addresses. In addition, the hackers copied customer vaults and their details.
LastPass Hackers Send Phishing Texts to Users
On December 25th, LastPass hackers began sending phishing text messages to users asking them to upgrade to OKX. Several Twitter users reported receiving these texts.
LastPass CEO Karim Toubba on Measures Taken to Protect Customers
CEO Karim Toubba stated that the company is taking various measures to protect its customers, including adding more logging to detect suspicious activity, recreating the development environment, rotating credentials, and more. LastPass also emphasized that, due to the hashing and encryption methods used to protect customers, it would be very difficult to guess master passwords using brute force for those who follow password best practices. The company regularly tests the latest password-cracking technologies against its algorithms to enhance cryptographic controls.
LastPass Advises Users never to Reuse Master Password
LastPass advises all users never to reuse their master password on any other website. This is especially important following the recent hack in which hackers obtained access to customer storage volumes in the cloud. It is essential to use unique, strong passwords for all online accounts to protect personal and sensitive information.