LastPass, a password managing platform, recently said that hackers, who illegally accessed the company’s cloud-based storage environment in August of 2022, have a copy of consumer data. In the wake of this data breach, Computer Emergency Response Team (CERT-In) has issued an advisory and has warned Indian users that cybercriminals can undertake phishing attacks to compromise their accounts.
LastPass is a password manager that allows customers to reduce the reuse of passwords online, by storing them in a single app.
LastPass is a password manager that allows customers to reduce the reuse of passwords online, by storing them in a single app.
LastPass hacked
Last week, LastPass CEO Karim Toubba provided an update on a hacking incident which first took place in August 2022. He said that the company found in its investigation into the incident that an unknown threat actor accessed a cloud-based storage environment and stole source code and used it to target another employee of the company.
He noted that hackers obtained cloud storage access keys and dual storage container decryption keys which were “used to access and decrypt some storage volumes within the cloud-based storage service.”
The company also said that the threat actor copied information including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. However, the company says that the data is secured with 256-bit AES encryption.
Phishing attack threat
LastPass says that since the data is encrypted, threat actors may attempt to use “brute force” to guess the master password and target customers with phishing attacks, and credential stuffing.
CERT-In advisory on NetApp vulnerability
The Indian cyber agency has also issued an advisory on a vulnerability in NetApp OnCommandInsight products which could allow an unauthenticated attacker to bypass security restrictions on the targeted system. It says that an attacker could exploit this vulnerability by sending a specially crafted request and, if successful, allow the attackers to perform privileged operations.
5G Cyber Scam Alert: How you can and cannot get 5G on your phone
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
