How Password Managers Can Get Hacked
Dark Reading
APRIL 11, 2023
Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses.
My Password Manager was Hacked! How to Prevent a Catastrophe
Bleeping Computer
FEBRUARY 15, 2023
A recent password manager breach sent a shockwave through the security community. No service is perfect, and that goes for password managers, so what can you do to protect yourself? [.]
Join 29,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trending Sources
Passwordstate password manager hacked in supply chain attack
Bleeping Computer
APRIL 23, 2021
Click Studios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks. [.].
Bitwarden vs 1Password: Compare Top Password Managers
eSecurity Planet
MARCH 8, 2022
Users looking to increase their security without the burden of remembering all those passwords typically turn to password managers to keep their accounts secure. Vault health reports Directory sync Secure password sharing. 1Password is a popular business password manager that encrypts data both at rest and in transit.
NortonLifeLock: threat actors breached Norton Password Manager accounts
Security Affairs
JANUARY 13, 2023
Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks.
New Windows Meduza Stealer targets tens of crypto wallets and password managers
Security Affairs
JULY 3, 2023
The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The malware also collects a variety of data, including system info, browser info, password manager info, miner related registry info, and installed games info. ” continues the analysis.
Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass
Security Boulevard
FEBRUARY 5, 2023
The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.
LastPass Data Breach: It's Time to Ditch This Password Manager
WIRED Threat Level
DECEMBER 28, 2022
The password manager's most recent data breach is so concerning, users need to take immediate steps to protect themselves.
What the LastPass Hack Says About Modern Cybersecurity
Security Boulevard
MARCH 7, 2023
Online password managers are meant to help users keep track of the long and complex. The post What the LastPass Hack Says About Modern Cybersecurity appeared first on Axiad. The post What the LastPass Hack Says About Modern Cybersecurity appeared first on Security Boulevard.
Hacking 
128
128 
Cyber Awareness: Password Manager
Security Boulevard
MAY 19, 2021
It’s true that memorizing dozens of passwords can be quite the challenge, but reusing passwords is not the solution, either. Doing so can be dangerous, as attackers these days are able to hack accounts by exploiting those reused passwords very often. .
LastPass developer systems hacked to steal source code
Bleeping Computer
AUGUST 25, 2022
Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information. [.].
Hacking 145
145 
A supply chain attack compromised the update mechanism of Passwordstate Password Manager
Security Affairs
APRIL 25, 2021
The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Manager hase? Passwordstate is the Enterprise Password Management solution used by more than 29,000 customers and 370,000 security and IT professionals globally.
Password Management: Why the Cybersecurity Community is Sending the Wrong Message to Consumers
Security Boulevard
FEBRUARY 27, 2023
In recent months, the password manager industry has taken a significant cyber hit. In December 2022, one of the world’s most popular password managers, LastPass, notified its customers of a massive breach that exposed customer data and put their password vaults at risk if weak passwords were used.
LostPass: after the LastPass hack, here’s what you need to know
Graham Cluley
JANUARY 3, 2023
Do you use the LastPass password manager? Did you know they suffered a data breach, and that your passwords may be at risk? You do now. Here's what you need to know.
Researchers say enterprise password manager hit in supply chain attack
SC Magazine
APRIL 23, 2021
Researchers at CSIS Security Group claim they have discovered what they think might be the next big supply chain hack. If customers were compromised, it follows a wave of other damaging software supply chain hacks discovered in the last four months. This is a developing story. Check back for updates.
A flaw in LastPass password manager leaks credentials from previous site
Security Affairs
SEPTEMBER 16, 2019
A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. SecurityAffairs – LastPass, hacking). Pierluigi Paganini.
Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager
Security Affairs
AUGUST 17, 2019
Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. “ SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software.” SecurityAffairs – Trend Micro’s Password Manager, hacking).
LastPass releases new security incident disclosure and recommendations
Tech Republic Security
MARCH 4, 2023
LastPass attacks began with a hacked employee's home computer. The investigation now reveals the password manager company's data vault was compromised. The post LastPass releases new security incident disclosure and recommendations appeared first on TechRepublic.
Naked Security Live – What if my password manager gets hacked?
Naked Security
FEBRUARY 1, 2021
Our latest Naked Security Live talk - watch now!
GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers
The Last Watchdog
AUGUST 29, 2022
Related: Damage caused by ‘business logic’ hacking. This data strongly indicates that password management and 2FA are crucial for any organization or startup to become more secure from web attacks. We’ve shared some helpful guidance on password security at Zigrin Security blog. 2009 DBIR page 17) .
Hacking 202
202 
Thousands of Hacked Disney+ Accounts now Sold Online
SecureBlitz
APRIL 11, 2024
Social media platforms and online forums are full of lamentations by Disney+ users’ complaints about their hacked Disney accounts. The highly anticipated launch of Disney+ in November 2019 wasn't without its hiccups.
Threat Actors Hacked LastPass’ Cloud Storage and Stole Customers` Data
Heimadal Security
DECEMBER 23, 2022
Over 33 million people and 100,000 businesses around the globe use LastPass` password management software. The post Threat Actors Hacked LastPass’ Cloud Storage and Stole Customers` Data appeared first on Heimdal Security Blog. After the company’s CEO, Karim Toubba, stated […].
Hacking 77
77 
Hacked home computer of engineer led to second LastPass data breach
CSO Magazine
FEBRUARY 28, 2023
Password management company LastPass, which was hit by two data breaches last year , has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November.
Data breaches 133
133 
LastPass hack caused by an unpatched Plex software on an employee’s PC
Security Affairs
MARCH 7, 2023
Recently, the password management software firm disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. The hackers installed a keylogger on the DevOp engineer’s computed and captured his master password.
Software 98
98 
LastPass revealed that intruders had internal access for four days during the August hack
Security Affairs
SEPTEMBER 18, 2022
The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. SecurityAffairs – hacking, hack).
Hacking 99
99 
Passwordstate Was Hacked in a Supply Chain Attack
Heimadal Security
APRIL 26, 2021
The post Passwordstate Was Hacked in a Supply Chain Attack appeared first on Heimdal Security Blog. The […].
Hacking 98
98 
Abine says Blur Password Manager User Information Exposed
The Security Ledger
JANUARY 2, 2019
Customers who use the Blur secure password manager by Abine may have had sensitive information leaked, according to a statement by Abine, the company that makes the product. . The post Abine says Blur Password Manager User Information Exposed appeared first on The Security Ledger.
Passwords that have been hacked over 50,000 times
CyberSecurity Insiders
MARCH 17, 2021
Media has been trying its best to create awareness among online users about the need to go for passwords that are difficult to guess or hack. Despite that, most users are seen indulging in a pursuit of using the same password on multiple platforms and that too which is easy to guess for hackers through password spray cyber attacks.
Passwords 103
103 
LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
The Hacker News
MARCH 6, 2023
The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with
Engineering 98
98 No, Spotify Wasn't Hacked
Troy Hunt
JANUARY 8, 2019
Get a password manager (8 years on and I still use 1Password every day), create strong and unique passwords on every account and enable 2-factor authentication where available. And why would someone "hack" (I use the term loosely because they literally logged in with the correct username and password) Spotify accounts?
Hacking 223
223 
SHARED INTEL: A foolproof consumer’s guide to creating and managing bulletproof passwords
The Last Watchdog
MARCH 24, 2022
It can be a real hassle to keep track of the passwords you use. So many people use the same combination of username and password for every account. Related: Kaseya hack exacerbates supply chain exposures. You see, these days, many data breaches could be traced back to people using the same password across multiple accounts.
Passwords 134
134 
Zoho urges fixing a critical SQL Injection flaw in ManageEngine
Security Affairs
JANUARY 5, 2023
. “This security advisory is to let you know that a high severity vulnerability was detected in ManageEngine Password Manager Pro.” “An SQL Injection vulnerability(CVE-2022-47523) was discovered in Password Manager Pro.” The flaw impacts Password Manager Pro, versions 12200 and below.
Nation-state actors hacked Red Cross exploiting a Zoho bug
Security Affairs
FEBRUARY 17, 2022
The attribution of the hack is based on similarities of attackers’ TTPs with the ones associated with APT groups and the targeted nature of the attack. SecurityAffairs – hacking, SIM swapping). The post Nation-state actors hacked Red Cross exploiting a Zoho bug appeared first on Security Affairs. Pierluigi Paganini.
Hacking 92
92 
New Version of Meduza Stealer Released in Dark Web
Security Affairs
DECEMBER 29, 2023
Atom, Comodo Dragon, Torch, Comodo, Slimjet, 360Browser, 360 Secure Browser, Maxthon3, Maxthon5, Maxthon, QQBrowser, K-Meleon, Xpom, Lenovo Browser, Xvast, Go!
LastPass employee targeted via an audio deepfake call
Security Affairs
APRIL 12, 2024
According to the password management software firm, the employee was contacted outside of the business hours. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – Hacking, deepfakes) concludes the report.
CISA adds Zoho ManageEngine flaw to its Known Exploited Vulnerabilities Catalog
Security Affairs
SEPTEMBER 23, 2022
The CVE-2022-35405 flaw is a remote code execution vulnerability that impacts Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. “Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution.”
Nvidia, the ransomware breach with some plot twists
Malwarebytes
MARCH 3, 2022
Now, Nvidia has confirmed that it was hacked and that the threat actor is leaking employee credentials and proprietary information onto the internet. Hacked back? At some point during the negotiations the LAPSUS$ group started to make a big fuss about having been hacked back. Password managers save time.
Ransomware 90
90 
UK NCSC says to ‘Think Random’ on passwords
CyberSecurity Insiders
AUGUST 9, 2021
Britain’s National Cyber Security Centre(NCSC) has passed advice to online users to think of 3-4 randomly used words as passwords rather than using a complex one and storing it in a file or a password manager as it is hard to remember.
Passwords 139
139 
The Week in Cybersecurity: Cyber espionage operation fueled for months by targeted phishing attacks
Security Boulevard
SEPTEMBER 1, 2022
This week: a China-linked cyber espionage campaign targets critical entities in Australia and the South China Sea, password manager LastPass gets hacked (again), and more. . The post The Week in Cybersecurity: Cyber espionage operation fueled for months by targeted phishing attacks appeared first on Security Boulevard.
Phishing 97
97 
GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices
The Last Watchdog
MAY 26, 2021
The average person has about 100 different passwords for the various tools, apps, websites, and online services they use on a regular basis. With so many passwords to keep track of, those familiar “Update Password” prompts tend to get bothersome. Use a password manager.
Passwords 182
182 
When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame
Troy Hunt
NOVEMBER 7, 2018
It's just another day on the internet when the news is full of headlines about accounts being hacked. This is when hackers try usernames and password combos leaked in data breaches at other companies, hoping that some users might have reused usernames and passwords across services.
Passwords 237
237 
Weekly Update 224
Troy Hunt
JANUARY 1, 2021
Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online.
Data breaches 306
306 
LastPass investigated recent reports of blocked login attempts
Security Affairs
DECEMBER 28, 2021
Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. “Someone just used your master password to try to log in to your account from a device or location we didn’t recognize,” reads the warnings. SecurityAffairs – hacking, password).
GAO report reveals new Pentagon weapon systems vulnerable to hack
Security Affairs
OCTOBER 10, 2018
According to a new report published by the Government Accountability Office (GAO) almost any new weapon systems in the arsenal of the Pentagon is vulnerable to hack. “In some cases, system operators were unable to effectively respond to the hacks.” Security Affairs – weapon system, hacking ).
Hacking 86
86 
Let's personalize your content