Specific login details are still protected by master passwords but should the hackers manage to crack them, they would gain full access to credentials used across the web. And as a popular tool in this space, it holds credentials for millions of users – many of whom are now at risk.Īccording to the inventory published by LastPass, we now know that the attacker managed to steal backups of all customer vault data - encrypted copies of LastPass customers' password vaults and digital access credentials. In an increasingly-digital world, they can unlock our personal correspondence, our health data, and our financial records. These credentials are the keys to every element of our online identity. It's an organization whose mission statement is closely tied to managing extremely sensitive user data - passwords. LastPass is not just another software company. The attacker used this vulnerability to gain access to cloud backups – and to access a shocking amount of the most sensitive data imaginable. A DevOps engineer was specifically targeted by the attacker, who exploited a third-party software vulnerability on the employee's home computer, along with information stolen in the first breach. Unfortunately, this was not the case in the second incident, which occurred shortly thereafter (and only discovered at the end of February). However, LastPass announced at the time that customer data wasn’t compromised. In the first incident, some proprietary data was stolen – including development and source code repositories, internal scripts, and documentation. You can find the full details elsewhere (such as in this Ars Technica story or in the LastPass blog), but to recap: LastPass suffered from two data breach incidents in August 2022. Since December, the company has been embroiled in what’s shaping up to be a major data security scandal. For many LastPass employees – from software engineers to C-level executives – the last few months have been hell.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |