LastPass recently disclosed a new system breach that has paved the way for hackers to access customer data.
LastPass, a password management service, now admits that it had already found evidence of the alleged data breach in August.
Previously, the company told the public that it had found no evidence that its system had been compromised more than three months ago.
LastPass CEO Karim Toubba revealed the initial data breach in late August, saying that only one developer account had been hacked. Despite the theft of source code and certain confidential LastPass technical information, Toubba claimed that the company's investigation with incident response firm Mandiant found no evidence that customer data was compromised.
On Wednesday, an updated statement was released stating that there are still remnants and aftershocks from the attack. That fallout may continue to affect customers.
Toubba explained in the update: “We have determined that an unauthorised party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. We are working diligently to understand the scope of the incident and identify what specific information has been accessed.”
After noticing odd behaviour within a third-party cloud storage service shared by GoTo (formerly known as LogMeIn, which purchased LastPass in 2015), LastPass said it retained the services of Mandiant again and alerted law enforcement authorities.
LastPass wrote about the initial investigation in September: “Although the threat actor was able to access the development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults.”
LastPass wants to give customers confidence by deploying endpoint security controls and implementing strengthened monitoring. As of now, it has not recommended that customers take any action.
While LastPass maintains that its services are still available and its clients’ passwords remain secure, it is unclear whether this applies to all passwords or just master passwords. It is also uncertain what, if any, consumer information the threat actor obtained in the most recent intrusion.