Site icon TechNewsBoy.com

LastPass password manager’s ‘2022 troubles’ continue, hacked again – Times of India

Password manager LastPass has told users that an unauthorised party gained access to certain elements of customers’ information. This is the second time this year that the service has been breached.
LastPass is a password manager that enables its customers to reduce the reuse of passwords online, by storing them in a single app. The service also helps users to generate strong passwords.
What company told users
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” LastPass CEO Karim Toubba said in a blog post.
He noted that the company determined that an unauthorised party gained access to certain elements of our customers’ data by using information obtained in the August 2022 incident.
The CEO says that the company is working to “understand the scope of the incident and identify what specific information has been accessed.” As part of its investigation, the company is deploying “enhanced security measures and monitoring capabilities” across its infrastructure to prevent further threat actor activity.
Toubba says that the customer’s data (passwords) is safe and encrypted with LastPass’s Zero Knowledge architecture. He also noted that LastPass products and services remain fully functional.

Second breach in 5 months
On August 25, LastPass reported that it detected unusual activity wherein an unauthorised party gained access to the service’s portions of the LastPass development environment “through a single compromised developer account.”
“After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults,” the CEO said at that time.
Citing its investigation and forensics process, the company also noted that the threat actor’s activity lasted four days and the company then contained the incident.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version