![]() “We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Toubba said. The password manager solutions vendor is working with Mandiant to ascertain the precise reason behind the hack. ![]() ![]() In both LastPass breaches this year, the threat actors failed to access customer passwords thanks to the Zero Knowledge security model it has implemented that no one except the customer has access to the password or any other data stored in the company’s digital vault. “The trend of repeated hacks, where the company fails to eliminate the consequences of the breach for months, is frustrating.” “Since the company claims that the current hack is based on data compromised in the previous hack, this raises the question: Why did they not learn from the earlier hack and correct the root cause?” Mike Walters, VP of vulnerability and threat research at Action1, told Spiceworks. What the threat actors obtained in the previously compromised data to breach LastPass again is unknown. The August 2022 breach, wherein the hackers had access to LastPass accounts for four days, compromised the source code and some proprietary technical information. Toubba didn’t talk about the type of information that was compromised but assured that the passwords of more than 33 million company users and more than 100,000 business accounts remain unaffected. In a blog post, LastPass CEO Karim Toubba said the still unknown threat actors accessed “certain elements” of the password manager’s customer information. The recent breach came to light after the company noticed unusual activity in a third-party cloud storage service it shares with GoTo, its parent company. On Wednesday, LastPass confirmed it was breached, a fallout of the August 2022 incident wherein portions of source code and some proprietary LastPass technical information were compromised.
0 Comments
Leave a Reply. |