LastPass, the password management app, revealed new information about the August 2022 hack. The company said that the attackers had access to its customers' information and data, including their password vaults, basic customer account data and related metadata including company names, end-user names, billing addresses, email addresses, phone numbers and the IP addresses from which customers were accessing the LastPass app.
According to the company's statement last November, the attackers were able to access the source code of the app, which in itself is not dangerous for users as long as the code is safe and free of serious security flaws.
Hundreds of software projects are open source, meaning that their source code is accessible to everyone and, in some cases, can be modified or used to build other software.
The real risk is the leak of users' password vaults. These are encrypted files that contain all the customers' data. The company explained that hackers would take too long to decrypt these files, but it did not take into account that not all of its customers use strong passwords to encrypt these vaults; some of them may use passwords that do not exceed 8 characters, which makes their vaults easy to decrypt.
The company also waited several months before informing its approximately 33 million customers that their data had already been leaked. This calls for a rethink of relying on the company for something as important as keeping passwords, account information, bank cards and other sensitive data.
If you are a LastPass user looking for an alternative, we recommend Bitwarden if you want to store your passwords online (in the cloud); it is a LastPass-like alternative. You can also host the software on your own server or your company's, and thus manage the data completely without relying on the company and its servers. Or we recommend KeePassXC if you want to keep your password vaults on your personal computer, on a medium such as "flash memory", or on your cloud storage service.