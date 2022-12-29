LastPass is a password management platform which recently said that hackers who accessed the company’s cloud-based storage environment illegally in August 2022 have a copy of consumer data. It stores passwords in a single app and reduces the reuse of passwords online.

The Computer Emergency Response Team (CERT-In) issued an advisory in the wake of this data breach. It warned Indian users that their accounts could be compromised due to the phishing attacks that cybercriminals undertake.

Karim Toubba, the CEO of LastPass provided an update last week of an update of a hacking incident that occurred back in August 2022. He said that it was found by the company that an unknown threat actor stole source code after accessing a cloud-based storage environment and later used it to target another employee of the company.

He also noticed that the cloud storage access keys and dual storage access keys were obtained by the hackers that were “used to access and decrypt some storage volumes within the cloud-based storage service.” It was also said by the company that information was copied by the threat actor that included company names, end-user names, billing addresses, IP addresses, and telephone numbers of the customers who accessed the services of LastPass.

The company however said that with 256-0-bit AES encryption the data has been secured. Since the data is encrypted the threat actors may use “brute force” to guess the target audience and master password with credential stuffing and phishing attacks, says LastPass.

An advisory was also issued by the Indian cyber agency on a vulnerability in the products of NetApp OnCommand Insight which could allow an attacker to bypass the security restrictions and reach the targeted system. Attackers could exploit this vulnerability by sending a request and if it is successful then the attackers can perform the operations. Cyberattacks and crimes online are on the rise and such incidents leading to advisories for users can be a small step of prevention.

