

# Customer fallout after LastPass breach password
The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email.

Although the "unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open. LastPass's own assessment was that "it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices."

Brute force guessing techniques may be successful for some weak passwords, but it's an approach that quickly runs out of steam. The frequency with which passwords are uncovered diminishes exponentially, and the cost per password increases in the same way. So while some passwords will be so strong they are effectively uncrackable, many weaker ones are likely to be safe simply because they're too costly to uncover.

However, there is another, far easier way for criminals to get at LastPass users' passwords, without cracking them: They can simply ask.

They can do this because alongside the password vaults that were stolen, criminals also made off with customers' email addresses, as well as "basic customer account information", company names, end-user names, billing addresses, telephone numbers, and IP addresses.

Armed with this data, attackers can send targeted phishing emails that attempt to steal the passwords needed to unlock the stolen password vaults.
