Hack in password manager LastPass did not expose users' data: CEO

Hack


New Delhi, Sep 18 : The CEO of popular encrypted password manager LastPass has said that the hacking episode last month did not involve any access to customers' data or encrypted password vaults. In a latest statement, Karim Toubba, CEO of LastPass admitted that the security breach in August had internal access to the company's systems for four days until they were detected and evicted. "Our investigation revealed that the threat actor's activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor's activity and then contained the incident," Toubba said. The investigation found that the threat actor gained access to the platform's development environment using a developer's compromised endpoint. The threat actor utilised their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication. "Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults," said the CEO. LastPass is a freemium password manager that stores encrypted passwords online. The CEO said that LastPass does not have any access to the master passwords of its customers' vaults. "Without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model," he mentioned. The company said it has deployed enhanced security controls, including additional endpoint security controls and monitoring after the incident. /IANS




Related

Ola Electric opens 14 new experience centres in India, plans 200 by year-end
Bengaluru, Nov 28 : Ola Electric on Monday announced that it has expanded its direct-to-consumer (D2C) footprint by opening 14 new experience centres

Why Musk keeps diet cokes, revolver at his bedside table
San Francisco, Nov 28 : Twitter CEO Elon Musk posted a picture on the micro-blogging platform Twitter, with four diet cokes (caffeine-free Coke), a tr

S.Korean minister denounces YouTubers as 'political gangsters'
Seoul, Nov 28 : Justice Minister Han Dong-hoon on Monday denounced a group of YouTubers who attempted to enter his house without notice the previous d