Then they could produce well-targeted phishing emails just for the people who are worth their effort. Threat actors would love to know what you have access to. But website URLs are very much sensitive data. Note how LastPass admits not encrypting website URLs but doesn't group it under "sensitive fields". The most recent admission from LastPass was that a threat actor was able obtain "a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.” Palant points out: Palant starts off attacking LassPass for trying to make it seem as though the updates it is issuing are being done as acts of benevolence he points out that this is actually a legal requirement. He tears apart the most recent statement issued by LastPass, going through it line by line and calling out instances of misrepresentation and what he refers to as "omissions, half-truths and outright lies". Security researcher Wladimir Palant has penned a scathing attack on LastPass, accusing the company of being more concerned with saving face than being transparent.
0 kommentar(er)
