Hacker News
by naetius 1205 days ago
> Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Wow. So those backups - which I hope and assume are encrypted with users’ credentials and were supposed to have one more layer of “LastPass” corp encryption - now seem to be lacking the latter. This sounds equivalent to stealing the encrypted blobs from each and every LP user. (Hoping to be wrong here)

If one workstation getting hacked led to something like this, I wonder what other mess is hiding in the crypto details…