
Password management security company LastPass confirmed that a security breach occurred around early August 2022. The intrusion reportedly reached the company’s development environment.

LastPass CEO Karim Toubba sent a notice to all of the company’s customers, informing them of the security incident. 

He notes, “We have determined that an unauthorised party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.”

The CEO notes that the company did not see evidence of stolen customer data or encrypted password vaults. Toubba additionally guarantees that LastPass products and services are operating normally.

The company also discloses that it has employed containment and mitigation measures and has engaged an undisclosed leading cybersecurity and forensics firm to help with its investigation. The notice also provided a list of frequently asked questions for customers, while stating that no action is required on their part.

Toubba reassures customers that no data was compromised because the LastPass zero-knowledge model ensures that only the customers can decrypt and view their vault data.

According to ZDNet senior contributing editor Steven Vaughan-Nichols, this wasn’t the first time LastPass was hacked. Nichols notes that security researchers uncovered a security problem in 2019.

In 2020, the company had a significant outage during which users could not log into their accounts. In 2021, it appeared that some users’ LastPass master passwords might have been disclosed, as users received alerts that their master passwords had been used by someone else. The company assured its customers that their information was safe and their security wasn’t breached.

Nichols points out that despite LastPass having significant annual security problems and its recent breach revealing its proprietary source code and technical secrets, it is still an excellent password security company due to its zero-knowledge model.
