Jakarta, CNBC Indonesia – A group of hackers stole US$4.4 million (Rp. 70 billion) in cryptocurrency by breaking into passwords stored in the LastPass database on October 25, 2023.
This news comes from a report by ZachXBT and MetaMask developer Taylor Monahan, who tracked this crypto theft.
“We ask people to contact the victims whose crypto assets were stolen,” said ZachXBT, as quoted by BleepingComputer, Tuesday (31/10/2023).
The investigation began by asking the victims several questions. The researchers eventually found one thing in common among the participants, namely LastPass.
According to ZachXBT’s tweet on
LastPass breach
In 2022, LastPass experienced two breaches that allowed cybercriminals to steal passwords, customer data, and production backups stored in a cloud service that included an encrypted password vault.
At the time, LastPass CEO Karim Toubba said that even if the encrypted vault was stolen, only customers would know the master password needed to decrypt it.
Therefore, if users use the best passwords recommended by LastPass, their vault should be safe.
However, LastPass warns that those using weak passwords are advised to reset their master password as soon as possible.
“Depending on the length and complexity of your master password and the number of iterations set, you may want to reset your master password,” a LastPass support bulletin about the cyberattack said.
The advice is aimed at users who set weak passwords, because such passwords are easier to crack with special programs that use the GPU to brute-force them.
According to research conducted by Monahan and ZachXBT, it is believed that perpetrators stole password vaults to gain access to stored passphrases, credentials, and cryptocurrency wallet private keys.
Once they gain access to this information, they can load the wallet onto their own device and drain all the funds.
“I believe that in the majority of these cases, the compromised passwords were stolen from LastPass,” Monahan tweeted last August.
“The number of victims who have only a specific group of passwords drained and stored in LastPass is too large to ignore,” he added.
These findings suggest the threat actors behind the LastPass attack have been successful in cracking vault passwords and using the stolen information for their own purposes.
(fab/fab)