Over the past year or so, we have been hearing reports about how online accounts have been hacked and email address. home phone numbers, credit card details, home addresses, and more have been stolen, but is this efficient? After all hacking one particular account only grants access to one service, right?
Well according to recent research conducted by data-protection company IBM Trusteer, they have found that the next target that cyber criminals could be targeting next would be none other than the master password to password manager services, such as 1Password and LastPass, just to name a couple.
While there have been little to no reports of such a thing happening, the researchers found evidence that hackers have modified the Citadel trojan which could be used to log the keystrokes users use to access their master list of passwords. According to Dana Tamir, the director of enterprise security for IBM Trusteer, “Once the malware captures this master key, then they can use that master key to exercise complete control over the machine and any of the user’s online accounts.”
While password managers are a great way to help users remember passwords and to sign into websites automatically, Tamir notes, “But it is important to keep in mind that these solutions are not sufficient in and of themselves—they have to be accessed from a clean machine.” There does not appear to be a “fix” so if you do use password managers, just remember to be extra vigilant and make sure that you don’t download any suspicious files or open suspicious email attachments.
Filed in . Read more about Security.