Unfortunate! LastPass Hacker Now Steals Brankas User Password
JAKARTA - LastPass, the password management giant, has informed that cybercriminals or hackers have successfully accessed the user's password safe on Thursday, December 22.
However, LastPass CEO Karim Toubba said that hackers did not obtain user credit card data, because the card number was not archived in the same cloud storage.
"There is no evidence that unencrypted credit card data has been accessed. LastPass does not store a full credit card number and credit card information is not archived in this cloud storage environment," Toubba explained in a blog update.
Currently, Toubba predicts the possibility of phishing attacks, credentials, or other gross force attacks targeting LastPass customer safes. The company recommends not to click or easily believe messages sent on behalf of LastPass.
"To protect yourself from social engineering or phishing attacks, it's important to know that LastPass will never call, email, or send you an SMS and ask you to click on the link to verify your personal information," he stressed.
In addition, apart from getting into the vault or safe from LastPass clients, never enter your account's main password. "LastPass will never ask for your main password," said Toubba.
LastPass said that this incident occurred because the hackers used information obtained from an incident previously disclosed in August 2022.
Currently, LastPass has taken active steps to rotate all relevant credentials and certificates that may be affected and complement the security of existing endpoints.
"We are also conducting a thorough analysis of each account with signs of suspicious activity in our cloud storage service, adding additional protection in this environment, and analyzing all the data in this environment to ensure we understand what threat actors are accessing."
Toubba also said it had reported to the authorities, and an investigation is currently underway for this incident.