At this point, I recommended that users change their master password, which would also re-encrypt their password vault, based on better safe than sorry. ![]() With local access to the encrypted databases, this becomes a lot easier to pull off but is still dependent on the user either having a weakly constructed master password or one reused across services, including one that has been compromised. Unless, of course, they used brute-force methods to try known passwords from other breaches. This meant the attacker now had customer password vaults but not the means to open them. ![]() LastPass attacker stole customer password vaults
0 Comments
Leave a Reply. |