![]() ![]() When you use LastPass, we make every effort to protect your personaI information and that reIated to your payments. LastPass takes payment security and the trust our customers pIace in us very seriousIy. LastPass is based on two fundamentaI principIes: the security and confidentiaIity of your personaI data. Warning: Some of your contact information is out of date, it must be verified in order to maintain full access to your LastPass account. The email lure tells users to verify their personal data or face losing deactivation of "certain features" on 26 September. ![]() However, as convincing as it was, the email could not avoid the two red flags that allow anyone to spot almost any scam: A demand for personal information and an attempt to hurry the victim. The LastPass phishing email we received was convincing, familiar, and executed with high production values. They can do this becasue alongside the password vaults that were stolen, criminals also made off with customers' email addresses, as well as " basic customer account information", company names, end-user names, billing addresses, telephone numbers, and IP addresses.Īrmed with this data, attackers can send targeted phishing emails that attempt to steal the passwords needed to unlock the stolen password vaults. However, there is another, far easier way for criminals to get at LastPass users' passwords, without cracking them: They can simply ask. So while some passwords will be so strong they are effectively uncrackable, many weaker ones are likely to be safe simply because they're too costly to uncover. The frequency with which passwords are uncovered diminishes exponentially, and the cost per password increases in the same way. LastPass's own assessment was that "it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices."īrute force guessing techniques may be successful for some weak passwords, but it's an approach that quickly runs out of steam. ![]() The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email.Īlthough the " unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |