Many of us are users who use password managers to be able to remember each and every one of the passwords of the platforms that we use daily or sporadically, especially if we do not use the same password in all of these.
One of the best-known and most used password managers in the world is LastPass, a platform that, throughout 2022, suffered two attacks from hackers who took over the vaults where user access passwords are stored.
The normal thing in these cases is to change each and every one of the access codes, however, as the company reported when it announced the news, the hackers had accessed the vaults of some users, vaults that are found encryptedTherefore, it was not necessary to change the password of all the platforms that were stored, although it is always recommended in the event of this type of theft.
In computing, nothing is 100% secure since accessing a file that is encrypted is not impossible, as long as you have the necessary mechanisms and plenty of time ahead to do so. The strangers who stole the vaults stored in LastPass have taken it very calmly and, according to the latest news from several security experts, they have finally succeeded.
LastPass security leaves a lot to be desired
According to the head of MetaMask (a cryptocurrency wallet company), Taylor Monahan, since the theft of LastPass accounts was reported, more than 150 people have seen a total of $35 million in cryptocurrencies stolen from them. This company, where many of the affected users’ cryptocurrencies are stored, claims that all victims who have seen their cryptocurrencies disappear had used LastPass.
Tay
@tayvano_
For the past 48hrs I’ve been unwinding a massive wallet draining operation
I don’t know how big it is but since Dec 2022 it’s drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.
Its rekt my friends & OGs who are reasonably secure.
No one knows how. https://t.co/MafntG7RkP
September 11, 2023 • 18:10
6.1K
907
Accounts in these types of wallets are ultimately protected with a seed phrase (seed phrase) a set of between 12 and 24 words that must be written in the correct order to recover your access if the access password has been lost and with which you can make all kinds of movements in the account as if they were the legitimate ones owners. Users whose cryptocurrencies have been stolen They stored this phrase in LastPass.
Taylor Monahan began his investigation in April of this year, and, after analyzing all the cases related to the theft of cryptocurrencies stored on his platform, he came to the conclusion that the data theft he suffered LastPass is the origin.
When LastPass announced the news, it stated that the vaults were encrypted so many users did not worry about changing the access passwords they normally use or those for accessing cryptocurrency wallets. In theory, there was no problem, since strangers’ friends had little chance of decrypting and accessing its contents.
What is clear is that the security encryption that LastPass uses in its vaults, no matter how much it claims otherwise on its website, really It is not as safe as it claims or it is not using the encryption it advertises. If you still use LastPass as a password manager, whether you have cryptocurrencies or not, the first thing you should do right now is change the access passwords to all the platforms that you have stored inside it right now.