LastPass user information exposed in data breach

What happened now? LastPass, the popular password manager that boasts over 33 million customers and 100,000 business users, has been hacked again. The company says that, unlike the previous case, user data was exposed in this latest incident, but the company emphasizes that no passwords were compromised.

LastPass CEO Karim Tubba writes that LastPass recently detected unusual activity on a third-party cloud storage currently being used by a GoTo organization and affiliate.

It was found that the hackers were able to access “certain elements” of customer data. This was achieved using information obtained from the LastPass hack in August, when cybercriminals took parts of the site’s internal source code and documents related to sensitive technical information. In this case, the hackers gained access using a compromised developer account and spying on the systems for four days before they were discovered and booted.

Obviously, any breach of security in the password manager will raise concerns about stolen passwords, but LastPass emphasizes that they remain secure thanks to its zero-knowledge architecture, which ensures that only the user knows the master password, and encryption only happens at the device level. . As such, LastPass discourages users from changing their passwords.

Tubba said LastPass is continuing to work on understanding the scope of the incident and determining what specific information was accessed. He hired a leading security firm, Mandiant, and alerted law enforcement.

Despite its huge popularity and excellent software, this is yet another instance where the security of LastPass has been questioned. In 2019, the company patched a security vulnerability that could allow hackers to scrape login information from the most recently visited site users. In 2017, a browser extension vulnerability was also discovered.

In December, LastPass users reported that people were trying to log into their accounts from unknown locations using their correct master passwords. The company said this was likely the result of customers reusing passwords across multiple sites.

If you’re a LastPass user concerned about these incidents, download an authenticator app that will help secure your account by requiring two-factor authentication codes when logging in, which adds an extra layer of protection.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button