A large number of users of the LastPass password manager have reportedly detected successful login attempts on their accounts, meaning attempts that used the master password, which gives access to the app and then to all their other passwords. It is impossible to know precisely how many victims were targeted at the moment; however, the figure is probably significant, since the publisher has since reacted publicly.
According to the publisher, there is simply nothing to fear with its password manager. That statement nevertheless worries a good number of customers, who for their part say they were indeed informed of remote access carried out by a third party.
According to LastPass, its own services are not implicated; rather, the attack could have been made possible by a data leak from other companies. Such files are sometimes freely on sale on the darknet, then used by hackers to try to access this or that platform. Because yes, many people still use the same password on various services: it would therefore be their fault.
UPDATE: To reiterate, we have no indication that #LastPass was breached or compromised.
Here’s how LastPass protects you and steps you can take to stay secure: https://t.co/gNNjx333ps pic.twitter.com/rcWSIo9Q1x
— LastPass (@LastPass) December 29, 2021
Solutions
Worse still: it seems that among the complainants, many simply had not updated their password for a long time. However, it is advisable to do this regularly in order to avoid this type of debacle.
If you think you have been targeted, the best thing to do for the moment is to change your master password. You can also enable two-factor authentication. This will ask you to validate each connection from one of your devices.
Beware of overly tempting promises
As with the iPhone that can be unlocked without its owner's authorization using Pegasus or Predator, no program is infallible, not even a password manager sold as “secure”.
A malicious Internet user can thus compromise your machines, whether through social engineering or simply by having physical access to them. It is even possible, in certain cases using for example zero-day vulnerabilities, to carry out such data theft or surveillance operations in complete discretion. Encryption applications are therefore not always sufficient in the face of the threat.