Technology

LastPass confirms attackers stole some source code

By Scott Marlette

Earlier this week, LastPass started notifying its users of a “recent security incident” where an “unauthorized party” used a compromised developer account to access parts of its password manager’s source code and “some proprietary LastPass technical information.” In a letter to its users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence that any user data or encrypted passwords were accessed.

Toubba continues on to explain that the company has “implemented additional enhanced security measures” after containing the breach, which it detected two weeks ago. The company wouldn’t comment on how long the breach had been going on before it was detected.

As LastPass explains, at this point its users don’t have to do anything — there’s no reason for you to spend an afternoon changing your master password and doing a full security audit. LastPass, on the other hand, probably has its work cut out for it making sure that it doesn’t have to make any changes now that an unauthorized party may have access to its source code.

To be clear, hackers having access to a program’s source code doesn’t immediately mean they can instantly pwn it, breaking through its defenses. Famously, Microsoft says it doesn’t rely on its source code remaining private for security and says that people being able to read it shouldn’t be a risk (which is a good thing because its source code leaks a lot). And while that should be the case for any company, especially ones whose entire deal is keeping your passwords safe, I’d probably want the company to be poring over its code just to make sure there aren’t any subtle vulnerabilities that it missed if I were a LastPass customer.

Despite the fact that the breach doesn’t seem to be a red alert for security problems at the company, it’s still not a great look for a password manager that’s been struggling with its reputation. It’s just the latest in a line of incidents for LastPass (the software’s Wikipedia page is largely comprised of a section titled “security issues”), and the company also earned the ire of many users for changing its free tier to be significantly less useful in early 2021.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Scott Marlette 132879 posts 0 comments
More Stories

Will OnePlus 13 outpace Xiaomi with the first Snapdragon 8…

Google to appeal Play Store ruling | Computer Weekly

Smart charger aims to ease grid stress from EVs

1 of 69,748