Sign In/Register
Subscribe
Home News According to LastPass, a Recent Issue Resulted in the Exposure of Certain Client Data

According to LastPass, a Recent Issue Resulted in the Exposure of Certain Client Data

According to LastPass, a Recent Issue Resulted in the Exposure of Certain Client Data

While LastPass initially said it found no evidence that customer data was compromised during a data breach in August, the password management vendor confirmed that information stolen in the attack has now been used to access some customer information, though the scope remains unclear.

LastPass CEO Karim Toubba disclosed the initial data breach in late August, revealing that a single developer account had been compromised. Though source code and “some proprietary LastPass technical information” was stolen, Toubba said an investigation with incident response firm Mandiant determined that there was no evidence that customer data was affected.

However, an updated security incident statement Wednesday confirmed that fallout from the attack continues and might be concerning to customers.

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” Toubba wrote in the update. “We are working diligently to understand the scope of the incident and identify what specific information has been accessed.”

LastPass said it engaged the services of Mandiant again and contacted law enforcement after detecting unusual activity within a third-party cloud storage service it shares with GoTo, formerly known as LogMeIn, which acquired LastPass in 2015.

The latest update from LastPass represents a marked change in the assessment of the August breach. In a September update after the initial investigation with Mandiant was completed, LastPass wrote: “Although the threat actor was able to access the development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults.”

Due to the findings, LastPass did not recommend any actions for customers to take regarding compromised data. The password management vendor also said it deployed additional endpoint security controls and monitoring following the August attack.

While LastPass said its services remain functional and customers’ passwords safely encrypted, it is unclear if that refers to all passwords or only master ones. It also remains unclear what customer information, or how much, the threat actor obtained in the most recent breach.

Source: Tech Target

In Other News

Canon India Appoints Manabu Yamazaki As New President & CEO

Information Technology
Canon India Pvt. Ltd., the global leader in imaging technologies, announced the appointment of Manabu Yamazaki as the new President & CEO.
Read more

Long COVID: Why This Should Matter to HR

Information Technology
“Long COVID” is a term used to describe the long-lasting impact that COVID-19 can have on a person, many months after they first contract it.
Read more

Third of Employers Say Remote Working Has Boosted Productivity

EMEA
According to new research by the CIPD, employers have largely seen a benefit in productivity due to the shift to remote working.
Read more

US Economy Grew Robustly in First Quarter

Information Technology
GDP grew at a 6.4% annual rate in the quarter, leaving the economy within 1% of its peak.
Read more

Asia-Pacific Markets Broadly Lower As Investors Turn Cautious

Information Technology
Asia-Pacific markets struggled for gains Friday as investors turned cautious, despite a positive finish stateside in the previous session.
Read more
Load more

About

Technology is always evolving - getting more complex and diverse. Techmaster Node provides the top stories, trends, news, and information about the technology industry that helps keep you updated and educated.

Quick Links

Latest Resources

Geo Locations

Copyright © 2023 Techmaster Node c/o Anteriad. All Rights Reserved.