Piratage de LastPass : des mots de passe chiffrés sont-ils dans la nature ?
news.movim.eu / Numerama · Friday, 23 December, 2022 - 10:15
Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/
chevron_right
LastPass users: Your info and password vault data are now in hackers’ hands
news.movim.eu / ArsTechnica · Thursday, 22 December, 2022 - 22:43
Enlarge (credit: Getty Images)
LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.
The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August . At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager's development environment and "took portions of source code and some proprietary LastPass technical information." The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren't affected.
In Thursday’s update, the company said hackers accessed personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data such as website URLs and encrypted data fields such as website usernames and passwords, secure notes, and form-filled data.
Le gestionnaire de mots de passe LastPass a eu un incident, mais le pire a été évité
news.movim.eu / Numerama · Friday, 2 December, 2022 - 09:18
Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/
chevron_right
The number of companies caught up in the Twilio hack keeps growing
news.movim.eu / ArsTechnica · Friday, 26 August, 2022 - 19:54 · 1 minute
Enlarge (credit: Getty Images)
The fallout from this month's breach of security provider Twilio keeps coming. Three new companies—authentication service Authy, password manager LastPass, and food delivery service DoorDash—said in recent days that the Twilio compromise led to them being hacked.
The three companies join authentication service Okta and secure messenger provider Signal in the dubious club of Twilio customers known to be breached in follow-on attacks that leveraged the data obtained by the intruders. In all, security firm Group-IB said on Thursday , at least 136 companies were similarly hacked, so it's likely many more victims will be announced in the coming days and weeks.
The compromises of Authy and LastPass are the most concerning of the new revelations. Authy says it stores two-factor authentication tokens for 75 million users. Given the passwords the threat actor has already obtained in previous breaches, these tokens may have been the only things preventing the takeover of more accounts. Authy, which Twilio owns, said that the threat actor used its access to log in to only 93 individual accounts and enroll new devices that could receive one-time passwords. Depending on who those accounts belong to, that could be very bad. Authy said it has since removed unauthorized devices from those accounts.
How To Export Passwords From LastPass To Another Password Manager?
pubsub.do.nohost.me / FossBytes · Friday, 26 February, 2021 - 11:23 · 1 minute
When it comes to password managers, LastPass is considered one of the best password managers to get rid of the manual process of remembering passwords. What makes LastPass a favorite choice amongst users is its free plan under which you can access features like saving passwords, saving form fills, saving card details, and more.
However, recently, LastPass announced a change in its free plan. Starting from March 16, it will allow only one device under the free plan. It means free users will be restricted from using the features of the password manager either on a smartphone or on a PC (one at a time). This announcement is upsetting for those who have passwords saved in the app.
Thankfully, there are alternatives that you can use to replace LastPass. Before you switch to any other password manager, you need to export your saved passwords from LastPass. Below, we’ve enlisted the steps to export passwords from LastPass to other password managers. It’s a fairly easy process with simple steps to follow.
You can check out our list of best password manager apps to replace LastPass:
Now that you’ve downloaded your saved passwords on LastPass, you can import this file to the password manager of your choice. Almost all the best password managers provide the option to import passwords using an encrypted file or CSV file.
Upon uploading the file on the new password manager, your passwords will be organized automatically.
The post How To Export Passwords From LastPass To Another Password Manager? appeared first on Fossbytes .
