Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

LastPass flags security incident after attackers stole source code, technical information

LastPass has alerted users to a security incident after an unauthorized party gained access to the company’s internal network.

In a statement issued yesterday (August 25), LastPass CEO Karim Toubba said “unusual activity” was detected within portions of the software firm’s production environment.

A subsequent investigation revealed that attackers had gained access through a compromised developer account and “took portions of source code and some proprietary LastPass technical information”.

LastPass was quick to note that users’ master passwords were not compromised as part of this attack, due to the company’s ‘zero knowledge’ architecture.

“Our investigation has shown no evidence of any unauthorized access to encrypted vault data,” the company added. “Our zero knowledge model ensures that only the customer has access to decrypt vault data.”

Mitigation measures

In response to the incident, LastPass said it has deployed “containment and mitigation” measures and engaged a cybersecurity and forensics firm.

“While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity,” Toubba said.

“At this time, we don’t recommend any action on behalf of our users or administrators.”

Source: https://portswigger.net/daily-swig/lastpass-flags-security-incident-after-attackers-stole-source-code-technical-information

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO