In August, LastPass announced that it had been hacked but that no user information was stolen. Now the company says the hacker stole users’ passwords by re-entering its systems using information stolen from the company in that attack.
The company says the attacker managed to steal a ‘backup copy’ of customer data.
“The backup contained ‘unencrypted’ data such as website URLs as well as fully ‘encrypted’ data such as site ‘usernames’, ‘passwords’, secure ‘notes’ and ‘form-filled’ data,” LastPass said.
According to a report in The Independent, the information that was encrypted before this cyber attack remains intact. As a result, it would be very difficult for an attacker to gain access to it. Hackers need the ‘master password’ to get in, which unlocks the data’s encryption and makes the passwords visible.
According to LastPass, its own password policies make it very difficult for an attacker to break in. Even if a user keeps the ‘default setting’, it will take an attacker ‘millions of millions of years’ to guess that password.