Thursday, Dec 01, 2022, 18:39 Software

LastPass Hacked Again As Attackers Attain Access To Customer Data – Extent Unknown

In August of this year, hackers managed to penetrate LastPass' internal system and capture sensitive information. However, neither customer accounts nor encrypted password data banks were accessed, according to the company. Only three months later, yet another malicious attack has already occurred as external parties achieved new access to company data. Both incidents are connected closely.

Attackers Gained Access To Customer Data
The most recent attack's target wasn't actually the company's servers – rather the servers of an external cloud service used by LastPass and GoTo for data transfer between the two. LastPass CEO, Karim Toubba, revealed this in a blog post. Accordingly, the hackers utilized information stolen during the previous attack back in August to execute their most recent breach. The exact extent of the recently tapped data is still unknown to the company, according to Toubba. However, "certain elements of... customers' information" was breached by the data thieves. LastPass has contracted security firm Mandiant to analyse the incident and has also alerted the relevant law enforcement agencies.

advertising


advertising


LastPass CEO – User Passwords Not Endangered
Toubba assured the public that LastPass' password data bank is not in any danger – thanks to its "zero knowledge" architecture and encryption. Additionally, the company's cloud service remained unimpeded by the hack and continued to function flawlessly. LastPass will undertake security precautions, creating "additional endpoint security controls and monitoring". A similar statement was audible from the LastPass CEO after the hacking incident back in August. If the security measures announced then were indeed implemented, they entirely failed to offer any sufficient protection against the most recent attack. The company has expressed that it will inform customers via its blog once more details concerning the attack arise.

More mtech.news articles you might enjoy to read: