After a data breach that took place several months ago, password manager LastPass reveals that the hacker may have accessed some sensitive customer information. It is therefore necessary to take certain precautions, for people who have stored “seed sentences” of cryptocurrency portfolios via this service.
LastPass password manager hacked
Last Thursday, the LastPass password manager teams informed that a hacker had gained access to sensitive datacompromised during a leak that took place on August 25:
“Based on our investigation to date, we have learned that an unknown malicious actor gained access to a cloud-based storage environment by exploiting information obtained from the incident we previously disclosed in August 2022. . »
A password manager allows, as its name suggests, to store all of its passwords, and to easily generate new, highly secure ones. The LastPass database, victim of hack, includes customers’ personal information stored on their safe. Said safe can contain all kinds of data, such as identity documents or private keys of cryptocurrency wallets, this data is therefore today subject to leaks.
Since the vaults are secured with passwords that are not stored by LastPass, the company clarifies that the data they contain remains despite everything supposedly secureas long as the password is not found.
However, an investor believes that LastPass would fail to disclose the full extent of the situationbecause four of his secondary wallets, whose “seed phrase” he stored on the application, have been emptied:
I think the situation at @LastPass may be worse than they are letting on.
On Sunday the 18th, four of my wallets were compromised. The losses are not significant.
Their seeds were kept, encrypted, in my lastpass vault, behind a 16 character password using all character types.
— path.eth 🛡️ (@Cryptopathic) December 23, 2022
If the victim reassures that the losses are not significant, he insists that his vault password was used nowhere elseand that its complexity precludes the possibility of a “brute force attack” crack.
👉 Limit the risk of hacking with 7 best practices
The best way to secure your cryptocurrencies 🔒
🔥 The world leader in crypto security
What if you use LastPass?
Given the sensitive data that may be hiding behind all of these passwords, public communication from LastPass alone should not be trusted.
If you store crypto wallet seed phrases on this service, it would be wise to transfer all of these funds to an address based on a different private key as a precaution.
Change the master password for accessing the vault won’t be enoughbecause the current password would remain the same on the stolen database, and the hacker(s) could still access the information hosted on it.
It would therefore be prudent to change password manager, but above all to reset all the passwords of all of your accounts considered “sensitive”. For two-factor authentications (2FA) hosted on the application, it should also be reset to use another service.
If this data leak is beautiful and much more serious than what LastPass claims, we must also take into account the fact that any credit cards or identity documents that were stored in these safes could also be in danger.
👉 Listen to this article and all other crypto news on Spotify
Progress in the world of cryptocurrencies with Cryptoast experts 📘
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.