Last Says Hackers Stole Customer Data 3g4n1k Encrypted s in Breach That Occured in August

In August, Last said it had seen no evidence that hackers had access to customer data or encrypted vaults. 4r2m6q

By William Turton, Bloomberg | Updated: 23 December 2022 10:30 IST

Last Says Hackers Stole Customer Data, Encrypted s in Breach That Occured in August

Photo Credit: Last 1w2p3u

Hackers were able to copy email addresses, IP addresses from which customers accessed Last

Highlights

Last said that the initial breach had happened in August
It does not store the master created by s
Last has hired cybersecurity firm Mandiant to investigate the breach

ment

Last, a management service, announced on Thursday that hackers stole encrypted copies of customer s and other sensitive data such as billing addresses, phone numbers and IP addresses. The announcement is the latest update from a breach that occurred in August. At that time, the company said they had seen no evidence that the hackers had access to customer data or encrypted vaults.

But the company's statement on Thursday said that source code and technical information that were stolen as part of that hack was used to target another employee. The hackers were then able to obtain credentials and keys to access and decrypt data stored on a third-party cloud storage space.

They were able to copy such things as basic customer information, including email addresses and the IP addresses from which customers accessed Last, and “fully-encrypted sensitive fields such as website names and s, secure notes and form-filled data.”

Uber Probing Leak of Source Code, Employee Data From Third-Party Vendor

managers are a way for customers to store names and s in one place and can be accessed using a master that a customer creates. The master isn't known to Last nor is stored or maintained by the company, it said in its statement.

The other encrypted data can only be decrypted “with a unique encryption key derived from each 's master ,” the company said.

Nonetheless, Last warned customers that they could be targeted for social engineering, phishing attempts or other methods.

Data of 6 Lakh Indians Stolen, Sold on Bot Markets So Far: Study

“The threat actor may attempt to use brute force to guess your master and decrypt the copies of vault data they took,” the company said in a statement. “Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master s for those customers who follow our best practices.”

For those who follow Last's guidance, “it would take millions of years to guess your master using generally available -cracking technology,” the company said.

A representative for Last didn't respond to messages seeking comment.

The company said that it has hired the cybersecurity firm Mandiant to investigate the breach. It also said that it is rebuilding its entire development environment from scratch, an indication that hackers had thoroughly comprised the company's sensitive systems.

Last said that its investigation is ongoing, and that it has notified law enforcement and “relevant regulatory authorities.”

Where did Realme go wrong with the 10 Pro+ 5G? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

links may be automatically generated - see our ethics statement for details.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.