LastPass security breach did allow access to customer data after all







The LastPass security breach that occurred back in August did allow attackers to access customer data, says the company. It had previously said that no customer data was compromised.



LastPass owner LogMeIn stresses that customer passwords have not been compromised, as the company uses end-to-end encryption so that only the subscriber has the decryption key …



Background


LastPass is a password manager competing with 1Password. With these, all your passwords are held in encrypted form, and you can log in to any website by using only a single master password to unlock your vault. If your devices are safely in your possession and protected by their own security, you would typically leave your vault unlocked for the rest of each day, enabling seamless login to all your accounts.


The company confirmed a reported security breach back in August. An attacker gained access to the company’s development environment, and was able to access source code and new technical data. LogMeIn said at the time that there had been no access to either customer data or the production environment (which meant the attacker couldn’t push a compromised update to users). However, today’s report reveals that customer data was subsequently compromised.


(An earlier security alert turned out to have nothing to do with LastPass: It was an attacker using login credentials obtained elsewhere to attempt to access LastPass accounts. Since the whole point of using a password manager is to avoid using the same password on more than one service, this was unlikely to succeed.)


LastPass security breach worse than reported



LogMeIn has now said that while the initial attack didn’t allow access to customer data, information obtained during that attack was subsequently used to do so.



We recently detected unusual activity within a third-party cloud storage service, which is now shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.


We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.



The company’s CEO Karim Toubba says that it is still working to determine the scope of the attack, and to identify the specific customer data accessed. We would expect the company to notify affected customers once it has done so.


Company stresses safety recommendations


The company has pointed users to its safety recommendations for using LastPass. The most important of these is, of course, to ensure that you use a very strong, unique password as your Master Password. Anyone who was able to acquire this password would then have access to all of your logins.


9to5Mac’s Take


Any customer data breach is an embarrassment, but never more so than when it occurs with a password manager. We expect the company to be fully transparent during the course of its investigation, and at its conclusion. It must also directly contact all customers whose data was accessed to advise exactly what information was compromised.















Source: 9to5mac.com
