LastPass said the hackers obtained information including cloud storage access keys, company names, usernames, contact details, etc., and IP addresses. On December 25, Last Pass hackers began sending phishing text messages asking users to upgrade OKX. LastPass warns users not to use their master password on another website.
In an official blog post dated December 22, password management app Last Pass acknowledged that attackers stole source code and technical data from its development environment. Last Pass said hackers obtained information including cloud storage access keys, copied information including company name, username, billing address, email address, phone number and IP address.
On December 25, Last Pass hackers started sending phishing text messages to users asking them to upgrade OKX. Many Twitter handles have complained about receiving text messages.
In its blog, Lastpass also said that the hackers also listed customer slots in its details. After the runners received information from the Lastpass development department, the user was targeted. Hackers then steal credentials and keys to open Last pass’s cloud storage.
Due to the hashing and encryption methods we use to protect our customers, attempts to force a master password will be difficult for customers who follow our password best practices. We test the latest password cracking technologies against our algorithms to track and improve our cryptographic controls.
LastPass warns users not to use their master password on another website. CEO Karim Toubba added that the company is taking all kinds of measures, including adding additional records to detect suspicious activity in the future, reconfiguring its development environment, changing credentials, etc. still.