Last August, the cybersecurity community was shocked by the news that one of the password security experts had reported being hacked. The company was infiltrated through a single compromised developer environment. It assured its clients that no data was hacked, but it has recently made a shocking update.
At the time, LastPass CEO Karim Toubba reported that “an unauthorised party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.”
The CEO assured users that they had nothing to worry about because the company saw no evidence that any sensitive information was taken, just some source code.
However, last November, the company updated its statement, saying it had detected some unusual activity within a third-party cloud storage service.
In a separate blog post, Toubba wrote that the hackers responsible for the breach last August gained access to other credentials and keys “which were used to access and decrypt some storage volumes within the cloud-based storage service.”
The August attack led to the November attack. According to LastPass's public release, “The threat actor copied information from the backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”
According to the company, the attacker may attempt to brute-force the user’s master password using the data taken in last August's hack. But LastPass reassures its clients that as long as they have followed the company's recommendations, such as creating a strong master password and not using it in multiple accounts, they should not worry about the threat actors' brute-forcing attempts.
However, cybersecurity experts still recommend that users change their passwords and not simply ‘rotate’ credentials or passwords. People who rotate usually make minimal changes while keeping a general password, which may be easier for threat actors to guess once they get hold of old passwords.