LastPass is one of the most popular password management providers around, claiming to have over 33 million global users including more than 100,000 business accounts.

Update: On December 22, LastPass published a new blog post with further information about leaked customer information, saying that account information such as billing addresses, email addresses, end-user names, telephone numbers, and IP address info were obtained. Also leaked was customer vault data, which includes unencrypted data such as website URLs and encrypted data such as website usernames and passwords, secure notes, and form-filled data. You can read more about the information lost in the company’s blog post, as well as its full explanation of what’s happened so far and the steps the company is taking next.

If you’re a LastPass customer, your best protection is to use a strong random password that’s never been used elsewhere. You can also choose to switch providers; our round-up of the best password managers has suggestions beyond LastPass that you can try.

The original story from Dec 1, which covers more background details of the leak, follows below.

Back in August, the popular password manager suffered a security breach, in which the company’s developer environment was infiltrated. At the time, LastPass said that while part of its source code and proprietary technical info were taken, customers were unaffected. Now the company has experienced a second related hack, this time impacting customers.

As reported Wednesday on its blog, LastPass recently detected unusual activity within a third-party cloud storage service. An investigation has so far revealed that the breach stemmed from knowledge gained during the August 2022 incident, and that “certain elements of customers’ information” have been accessed. Further information is unavailable, as the investigation is still ongoing.
Password management giant LastPass has suffered a breach of customer information in an attack that may be linked to a previous security breach in August, the firm revealed yesterday.

LastPass CEO, Karim Toubba, said in a notice that there’s an ongoing investigation into the incident led by Mandiant, and that law enforcement had been notified.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” he revealed.

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”

It’s unclear exactly what type of customer information has been compromised.

The August incident Toubba referred to saw an unauthorized individual use a compromised developer account to access parts of the LastPass development environment. The firm said at the time that no customer data or passwords had been compromised in the incident, with the attacker only accessing “source code and some proprietary LastPass technical information.”

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional,” Toubba declared of the latest breach.

“As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity.”

Those words may be of little comfort to customers, who would have expected a more thorough incident response effort following the August attack, so that follow-on breaches weren’t possible.