LastPass admitted in August that a “unauthorised party” gained access to its system.Any news about a password manager being hacked can be concerning, but the company is now assuring its users that their logins and other information were not compromised as a result of the incident.LastPass CEO Karim Toubba provided an update on the incident, stating that the company’s investigation with cybersecurity firm Mandiant revealed that the bad actor had internal access to its systems for four days.They were successful in stealing some of the password manager’s source code and technical information, but their access was restricted to the service’s development environment, which is not connected to customers’ data or encrypted vaults.Toubba also stated that LastPass does not have access to users’ master passwords, which are required to decrypt their vaults.There is no evidence that this incident “involved any access to customer data or encrypted password vaults,” according to the CEO.” They also discovered no evidence of unauthorised access beyond those four days, nor any evidence that the hacker injected malicious code into the systems.”Toubba explained that the bad actor was able to compromise a developer’s endpoint and infiltrate the service’s systems.”Once the developer had successfully authenticated using multi-factor authentication,” the hacker impersonated him.”LastPass suffered a security breach in2015, exposing users’ email addresses, authentication hashes, password reminders, and other information.”A similar breach would be even more damaging today, given that the service allegedly has over 33 million registered users.While LastPass isn’t asking users to do anything to protect their data this time, it’s always a good idea to avoid reusing passwords and to enable multi-factor authentication.Related
According to Kiwi Farms, its website was hacked on September19, 2022.
In “Technology,” Uber claims that the hack was carried out by Lapsus$, the group responsible for the Microsoft and T-Mobile attacks.
19 September 2022
Uber reports in “Technology” that it is looking into a “cybersecurity incident.”
16 September 2022
In the category “Technology.”
