![]() Within a year, in July 2016, a new security vulnerability in the autofill functionality was identified and then detailed by the representative of DETECTIFY, an independent online security firm.īasically, the article raised new suspicions about whether one could trust LastPass with their passwords: In 2016 A Vulnerability that Enabled Reading Plaintext Passwords Was Exposed The result? LastPass servers got hacked and the cryptographically protected content compromised. In June 2015 a post on the company's blog announced that their team had detected suspicious behavior on their network. Here's another answer to your “Can we trust LastPass?” question: In 2015 A Hacker Attack Compromised the Company's Servers When you do all of that, what you're potentially left with is the ability to see from that data whether a guess on a master password is correct without having to hit our servers directly through the website.”Ģ.3. “ You can combine the user's e-mail, a guess on their master password, and the salt and do various rounds of one-way mathematics against it. Well, the attacker could check thousands of passwords in a short period of time, using a combination of user emails, guesses on their master password and the salt.Īs LastPass CEO confirmed it himself back then, in an interview for : What kind of risks did this “abnormal activity” entail? Therefore, suspicions arose that a hacker might have accessed their servers. Later on that year, in May, the company's team spotted a new “anomaly” in both their incoming and outgoing network traffic. That Same Year A Second “Likely” Security Breach Was Identified
0 Comments
Leave a Reply. |