LastPass hacked again - Is it time to say goodbye?

One of the big names in password managers, LastPass, was breached last August. At the time, the company claimed that no user data was compromised.

An update in December revealed the hackers then launched a phishing campaign against a LastPass employee, obtaining credentials and keys they used to decrypt some basic customer data, but passwords or usernames remained safe.

Are you still reeling from those past attacks? LastPass just shared some more bad news. If you’re a customer, you will want to read this.

Popular password manager hacked again

In a post titled “Incident 2 – Additional details of the attack,” LastPass announced that the second attack was more damaging than initially thought. The following is a timeline of events.

The first attack

In August, LastPass announced that a threat actor gained unauthorized access through a single compromised developer account. The hacker stole encrypted LastPass credentials, source code and proprietary LastPass technical information.

LastPass said customer data was safe, as the decryption keys can only be retrieved from the following:

  • Closely guarded on-premises data centers.
  • A highly restricted set of shared folders in a LastPass password manager vault used by just four DevOps engineers for administrative duties.

This attack concluded on Aug. 12, 2022.

The second attack

The hackers then launched a phishing campaign against an employee, obtaining credentials and keys, which they used to access and decrypt storage volumes within the cloud-based storage service.

Continue reading

37 million customers exposed in T-Mobile data breach

Hackers go after big companies for all the juicy customer data they can provide, and no organization is safe.

Just last month, DraftKings suffered a data breach. Here’s what to do if you have an account with the online sports betting service.

Continue reading

Working the system: Cybercriminals are using hacked government and law enforcement email addresses to request customer data from Big Tech companies. Police usually need a search warrant for files and messages, but for basic details like phone numbers, login credentials and approximate locations, a request is all it takes.

Major ISP and cable company breached - And you'll never believe how

If you are a customer of Cox Communications, your data may have been exposed. The company revealed that it suffered a security breach, and customer data was compromised. Tap or click here for details on a recent GoDaddy breach that exposed 1.2 million user profiles.

Continue reading

Data breach warning: Wireless network usernames and passwords hacked

Verizon customers are having a bad week. Many have been receiving texts claiming to be from the company, thanking them for paying their bills. The message includes a link supposedly offering a little gift. Of course, it’s actually a scam looking to rip them off. Tap or click here for complete details.

Continue reading

🛒 You’re paying more: Grocery chain Kroger is working on electronic shelf labels that can adjust prices in real time based on factors like demand or the weather. It gets worse — they’re also planning to use facial-recognition cameras to serve shoppers more tailored ads. The real worry? Over time, Kroger could build customer profiles and figure out the maximum price you’d be willing to pay. Yikes.

Ever look at digital restaurant menus? You could open yourself up to more tracking

The pandemic has led to many changes, and among them is the rise in contactless systems. More people are using their smartphones to pay for goods and services. You may also have noticed an uptick in QR codes at establishments. These Quick Response barcodes make it easy to get more information about pretty much anything from an app to an article of clothing. They have other uses as well.

Continue reading

VPN apps with 35 million downloads caught stealing data

We already know tech companies are gleefully collecting our data for profit. Between selling data to advertisers and sharing it with law enforcement, you never know what’s happening with your information. But one thing remains certain: Data is big business.

Continue reading