Password manager with 25MILLION users breached in mysterious cyber attack | The Sun

ONE of the world's most popular password managers has been hacked by cyber crooks.

LastPass, which has 25million users, confirmed the breach on Monday, although user data was apparently not affected.

That means the millions of passwords stored on the service were not accessed by the attackers, according to the company.

Instead, source code and "proprietary technical information" was pinched in the breach, LastPass CEO Karim Toubba said.

That's not great news for the company itself and could open it up to further cyber attacks in future.

Read More on The Sun

I’m a primary school teacher…the things I can’t stand kids bringing to school

I doubled my annual income thanks to my side hustle and made £99k in a year

However, it means that its users' passwords are safe for now.

That's thanks to the fact that users' master passwords are never stored on the company's servers.

Those are the credentials that people use to access their LastPass accounts.

"LastPass can never know or gain access to our customers' master password," Toubba said.

Most read in Tech


Inside 3-decker SKY WHALE that can carry 755 people & is bigger than Boeing-747


Every iPhone owner MUST change settings as soon as possible or it could cost you


Urgent warning for ALL WhatsApp users – texting has just changed forever


Every iPhone user urged to try out genius trick to boost battery life

"This incident did not compromise your master password."

As such, LastPass says that no action is required by users in regard to their password vaults.

LastPass said that it has assigned a leading cybersecurity and forensics firm to investigate the matter.

It added that there is no evidence of further malicious activity.

Password managers have rocketed in popularity in recent years, with Apple, Google and other tech giants all operating their own versions.

They make it easy to use unique strong passwords across multiple accounts, which is a key first step to staying secure online.

However, their rising popularity has made the services a big target for hackers.

Breaking into a password manager's servers could theoretically give attackers access to every password to your accounts.

Experts advised LastPass users to activate multi-factor authentication (MFA) settings to ensure that their accounts are safe.

That adds an extra layer of security by requiring you to type in, for example, a code sent by text or email whenever you log in to your account.

Tom Davison, a mobile security expert at cyber firm Lookout, told InformationSecurityBuzz: "It does not appear that user data or password vaults have been compromised in this case, however source code was confirmed stolen and attackers will be looking hard for potential weaknesses to exploit.

"LastPass users should stay vigilant, follow the news and watch for any unusual activity or login notifications across their accounts.

Read More on The Sun

I’m a primary school teacher…the things I can’t stand kids bringing to school

I doubled my annual income thanks to my side hustle and made £99k in a year

"It is really important to configure all of the available MFA settings provided by LastPass, including the use of an authenticator app to secure logins.

"For most users, additional MFA confirmations will be done via a mobile device – it is vital that this is secured too."

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…

  • How to delete your Instagram account
  • What does pending mean on Snapchat?
  • How to check if you've been blocked on WhatsApp
  • How to drop a pin on Google Maps
  • How can I change my Facebook password?
  • How to go live on TikTok
  • How to clear the cache on an iPhone
  • What is NFT art?
  • What is OnlyFans?
  • What does Meta mean?

Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]

    Source: Read Full Article