Digital Trends
Let’s take a look at LastPass’ current features and security measures along with the previous incidents.
What is LastPass?
LastPass is a password management software available on the web, desktop, and mobile, as well as with internet browser extensions. It offers multifactor authentication, biometric login, autofill, a password generator, and dark web monitoring to go along with its basic password management features.
As for security, LastPass uses AES-256 data encryption, PBKDF2 hashing with SHA-256 salting, and a zero-knowledge model. LastPass also holds several security certifications including ISO 27001, TRUSTe, SOC3, and others.
Currently, LastPass has over 33 million users and an estimated annual revenue of $143.7 million.
This all sounds terrific, right? So, what’s the problem?
LastPass security incidents
There’s a reason people are asking if LastPass is safe to use. Security breaches, along with the theft of information over the years, are certainly cause for concern. To understand more about these incidents, let’s look at a brief timeline of what occurred.
2011: Security notification
LastPass found an irregularity in its network traffic along with one to match in one of its databases. Even though it didn’t find a specific breach, LastPass asked its users to change their master passwords for fear that some of its data may have been hacked.
2015: Security breach
LastPass notified its community that it “discovered and blocked suspicious activity” on its network. The notification stated that email addresses, password reminders, server per user salts, and authentication hashes were compromised. However, it didn’t find evidence that user vault data was stolen and stated that user accounts were not accessed.
2021: Third-party trackers and master passwords
A LastPass user discovered several third-party trackers in the Android mobile app. While similar password managers also contain these types of trackers, the point was made that LastPass had the most among it, 1Password, Bitwarden, and Dashlane.
“No sensitive personally identifiable user data or vault activity could be passed through these trackers. These trackers collect limited aggregated statistical data about how you use LastPass, which is used to help us improve and optimize the product,” said the statement provided to The Register by a LastPass representative.
Later in 2021, it was reported that LastPass users were notified via email that their master passwords were compromised and login attempts with those passwords were blocked. However, a LastPass representative stated that the company investigated these reports and “determined the activity is related to fairly common bot-related activity…”
2022: Data theft
Probably the most memorable security incident occurred when a hacker stole a copy of the LastPass customer database, along with password vaults and data including names, email and billing addresses, partial credit card numbers, and URLs. There was a mixture of encrypted and unencrypted data involved.
The LastPass security incident report starts with the above August 2022 occurrence. It then continues with updates through the next few months, explaining its investigation into unusual activity in a shared third-party cloud storage service used to house backups along with other data.
Later in 2022, LastPass stated that data obtained in the original August incident was used to gain access to customer information, but that passwords remained encrypted.
The person or entity was able to obtain source code and technical information to later target a LastPass employee. They obtained credentials and keys to access and decrypt storage volumes within that cloud service. They then copied information from a backup containing company names, usernames, email and billing addresses, phone numbers, and IP addresses.
In September 2023, a link was found between the 2022 data theft incident and more than $35 million in cryptocurrency being stolen from over 150 victims since the previous December.
Additional LastPass security measures
As mentioned earlier, LastPass uses the industry standard for encryption, PBKDF2 hashing with salting, and a zero-knowledge method for protecting your data.
It also undergoes routine audits and testing of its service and infrastructure, and gives users access to its security team for reporting possible weaknesses. LastPass also uses what’s called a Bug Bounty Program where white-hat hackers can report bugs they find.
Should you use LastPass?
With the current security measures, a good feature set, and millions of users, it sounds reasonable to use LastPass as your go-to password manager, if you could look past the security incidents spanning over a decade.
But that’s really what it comes down to. Can you look past the incidents? Would you feel that your data is safe? How much trust are you willing to put in LastPass?
There are many companies out there with password management products that haven’t made headlines or had incidents like LastPass. And, it certainly seems like LastPass has a permanent target on its back from hackers and thieves. Hopefully, the company is taking the necessary time to fix the problems, but right now, you’ll have to decide whether it’s worth the risk.