Lastpass, a password management app that suffered a hack in August, announced on Thursday that the extent of the damage was far greater than previously reported. Hackers were able to obtain users’ password vaults in some cases, which means that they have access to people’s entire collections of encrypted personal data, although they do not have the means to immediately unlock it. The encrypted data that was obtained by the hackers included basic customer account information such as company names, billing and email addresses, IP addresses, and telephone numbers. According to Lastpass, these encrypted fields are secured with 256-bit AES encryption and can only be decrypted with a unique encryption key that is derived from each user’s master password using the company’s Zero Knowledge architecture. The master password is not known to Lastpass and is not stored or maintained by the company.
Image Source - Twitter
