LastPass Hacked for the Second Time in 6 Months

LastPass Hacked for the Second Time in 6 Months

Keeping track of all your passwords is difficult, particularly when you need to constantly choose complex and varied passwords to maintain some semblance of security online. LastPass was founded in 2008 to make things easier, but it is developing an unfortunate reputation. The company has announced it was the victim of a security breach recently, making it the second one in six months. And if you look further back, this just keeps happening to LastPass.

According to the latest LastPass blog post, its security team recently detected unusual activity in a cloud storage account it shares with its partner brand GoTo. After investigating, the team confirmed that the unknown attackers used data acquired during the previous August 2022 breach to gain access to the system. At the time, LastPass claimed there was no evidence that the breach included access to user data, but now they have.

LastPass says it has alerted law enforcement and has continued working to fully understand the scope of the latest infiltration. That’s a bit of a sticking point, though. While LastPass says the cyber criminals gained access to “certain elements” of customer information, it has not provided any specifics beyond one admittedly important point: customer passwords. LastPass encrypts all user passwords and does not have the means to decrypt them. So even if the attackers did manage to copy user account data, it is unlikely they would be able to access it.

LastPass Hacked for the Second Time in 6 Months

The history of LastPass security flaws is extensive for a small company that has only been around since 2008. In 2011, attackers stole user data from LastPass, forcing users to change their master passwords. It happened again in 2015, which is when LastPass started using stronger encryption. In 2016, 2017, and 2019, there were serious vulnerabilities reported by security researchers, all of which were patched. Just last year, users had to change their master passwords following malicious login attempts that the company blamed on credential stuffing. However, affected individuals claimed their LastPass credentials were unique. We never got closure on that one, but here we are in 2022 with a pair of LastPass breaches.

Passwords are an imperfect way to secure accounts. You either choose strong passwords that require a third party to manage, or you keep the passwords simple. In either case, you could end up getting hacked. It’s no wonder Microsoft, Google, and others are trying to kill the password.

Continue reading

SpaceX Cancels Starship High-Altitude Test at Last Second
SpaceX Cancels Starship High-Altitude Test at Last Second

SpaceX says the cancellation was due to abnormal readings from one of the rocket's three Raptor engines. There are more potential launch windows coming up, but it's unclear what went wrong and how long it'll take to fix.

Fusion Reactor Sets Record By Running for 20 Seconds
Fusion Reactor Sets Record By Running for 20 Seconds

A team from South Korea just made a major advancement — the Korea Superconducting Tokamak Advanced Research (KSTAR) device recently ran for 20 seconds. That might not sound impressive, but it doubles the previous record.

New Xiaomi Phone Has a Secondary Display in the Camera Hump
New Xiaomi Phone Has a Secondary Display in the Camera Hump

Chinese mobile giant Xiaomi is set to announce a new device called the Mi 11 Ultra, and the device has leaked early. It's got a giant camera module that supports up to 120x zoom, and there's even an extra screen. Yes, a screen in the camera hump. Because why not, I guess?

AMD May Soon Become TSMC’s Second-Largest Customer by Revenue
AMD May Soon Become TSMC’s Second-Largest Customer by Revenue

AMD is set to become TSMC's second-largest customer by revenue in 2021, thanks to the trifecta of pandemic-related demand, a highly competitive roadmap, and currently manufacturing chips for every gaming device people want that isn't a Switch.