LastPass Breach 2022 or How Not to Get Your Data Hacked and Compromised

LastPass Breach 2022

News about the latest data leakage of LastPass users has rocked the tech community. A myriad of end-user and company names, billing addresses, phone numbers, emails, and IP addresses have been compromised in a cloud service hack.

Furthermore, the attackers used previously hacked data to access the users’ vaults. As a result, the backup of customer vault data, including URLs, usernames, form-filled data, secure notes, and passwords, was also compromised and copied.

Karim Toubba, LastPass’s CEO, wrote that hackers used brute-force attacks to obtain the master password and decrypt data kept in vaults. According to a former LastPass developer, legacy users are much more exposed to data breaches due to outdated encryption algorithms. Even though LastPass improved its encryption over the years, the update affected only new users. Old accounts were not re-encrypted automatically and remained on simple algorithms.

Let’s figure out what happened and what LastPass alternative you can choose not to get your data hacked or compromised. 

How Password Managers and Digital Services Are Hacked

Digital data stores are a prime target for cybercriminals and hackers, as today sensitive data can have much more value than cash. Thousands of digital identities and online accounts are hacked or compromised daily, resulting in massive losses for both individuals and businesses.

For example, after Twitter was hacked, 400 million Twitter accounts were put up for sale. Even celebrities are not protected against such breaches. For instance, the private information of well-known users such as Donald Trump Jr. and Steve Wozniak has become public. It is estimated that the financial losses for Twitter could reach nine figures.

Speaking of LastPass, attackers used LastPass’s Zero Knowledge architecture to decrypt data through a unique encryption key derived from each user’s master password. The cybercriminals obtained keys and credentials to steal data from a backup stored in an independent cloud-based storage service that wasn’t part of its production environment. The encrypted vault data was also stored in the same service, in a “proprietary binary format.”

The attackers also stole proprietary technical data and source code from LastPass’s development environment using the compromised accounts of an employee.

Data leakage can result from various attacks, from brute-force and dictionary attacks to phishing and malicious software installed on your device. Read on to learn how to protect your sensitive data from third parties and how Passwarden (the best LastPass alternative) can help you with this.

How to Minimize the Risk of Being Hacked

A password manager is still the ultimate tool for storing your passwords and sensitive data. Regardless of all the breaches and data leaks reported on the web, it is still the best alternative to paper notes or text documents for this purpose. The LastPass incident only highlights how important it is for developers to modernize encryption algorithms and for users to update their passwords. Passwarden can serve as an example of a responsible attitude from everyone involved in data security, and here is why.

Security encryption algorithms 

Passwarden implements the bulletproof encryption algorithm AES-256 in GCM (authenticated encryption) mode, which reliably encrypts all your sensitive data and guarantees the integrity of the stored valuable info. GCM is considered the best and most up-to-date encryption mode, as it includes authentication (a check of data integrity that detects changes made by an attacker).

When processing the Master Password, Passwarden uses the Argon2 key derivation function, which is much more resistant to automated password guessing because it uses a lot of memory.
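The two mechanisms described above, as an added Node.js example that is not Passwarden's code: a memory-hard key derivation from the master password followed by AES-256-GCM, showing that a wrong password or a single flipped bit makes decryption fail. It assumes Node's built-in scrypt as a stand-in for Argon2 (both are memory-hard); the function names, cost parameters and sample vault entry are constructed for illustration.

```javascript
// Added illustration; not Passwarden's code. scrypt stands in for Argon2
// (both are memory-hard KDFs); parameters and the sample vault are constructed.
const crypto = require('node:crypto');

// scrypt cost: N=2^15, r=8 -> about 32 MiB of memory per password guess.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, KDF); // 32 bytes = AES-256 key
}

function sealVault(masterPassword, plaintext) {
  const salt = crypto.randomBytes(16);  // per-vault salt for the KDF
  const nonce = crypto.randomBytes(12); // 96-bit GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null if the key is wrong or the data was modified.
function openVault(masterPassword, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(masterPassword, box.salt), box.nonce);
  decipher.setAuthTag(box.tag);
  try {
    return Buffer.concat([decipher.update(box.ciphertext), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM authentication tag did not verify
  }
}

function demo() {
  const secret = '{"site":"example.test","password":"constructed-sample"}';
  const box = sealVault('correct horse battery staple', secret);
  const tampered = { ...box, ciphertext: Buffer.from(box.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // flip one bit of the stored vault
  return {
    roundTrip: openVault('correct horse battery staple', box) === secret,
    wrongPassword: openVault('wrong guess', box),
    tamperedResult: openVault('correct horse battery staple', tampered),
  };
}

console.log(demo());
```

Each password guess costs an attacker one full `deriveKey` call, so raising the KDF's memory and time cost directly raises the price of brute-forcing a stolen vault.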

Importance of digital hygiene

Elementary digital hygiene requires creating long, complex, and unique passwords so as not to become a victim of brute-force attacks. The best practice is to use all possible security technologies and features offered by a password manager. The Security Dashboard in Passwarden will let you know if any of your passwords are weak, hacked, or compromised to protect you from possible data leaks.

TFA - reliable mate of Master Password

In rare situations, the main target for hackers can be your master password. It should be unique and strong to minimize the risk of being brute-forced. The good news is that Passwarden offers an additional layer of security - a two-factor authentication feature. To access your account attackers will need a second factor, such as an authenticator, phone, or emailed code that will be almost impossible to get. 

Regular updates - key to protected data

And last, but not least, is the regularity of software updates provided by KeepSolid for its Passwarden password manager. The team of developers is working hard to implement brand-new technologies and algorithms in the product to make the user experience smoother and safer.

December 27, 2022