August 25, 2022: LastPass detects "unauthorized" access

LastPass CEO Karim Toubba wrote to inform LastPass users that the company had detected unusual activity within portions of the LastPass development environment.

LastPass said customer data was safe, as the decryption keys can only be retrieved from the following:

- Closely guarded on-premises data centers.
- A highly restricted set of shared folders in a LastPass password manager vault used by just four DevOps engineers for administrative duties.

The hackers then launched a phishing campaign against an employee, obtaining credentials and keys, which they used to access and decrypt storage volumes within the cloud-based storage service. The virtual storage contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers and IP addresses from which customers accessed LastPass.

What we know now

During the second attack, the threat actor used information gleaned from the first to steal credentials from one of the four senior DevOps engineers with access to the shared folders containing decryption keys. This was done before LastPass reset the system following the first attack. To investigators, the threat actor's activity resembled legitimate activity, so they didn't catch on until it was too late.

The attacker targeted the DevOps engineer's home computer and exploited vulnerable third-party media software, enabling remote code execution. The attacker installed keylogger malware and captured the employee's master password as they entered it following multi-factor authentication.

The threat actor then gained access to the DevOps engineer's LastPass corporate vault, which contained encrypted and unencrypted LastPass customer data.

A security bulletin from LastPass CEO Karim Toubba states that end-user master passwords were not compromised due to LastPass' zero-knowledge architecture - only you have that information.

You can argue that LastPass will be stronger following these incidents. The company is implementing a slew of security measures, such as helping the hacked DevOps engineer strengthen their home network security. It's hard to come to terms with a company when the trust is broken. We have to ask: Why was this information available on the employee's home computer to begin with?

If you're a LastPass customer, you should change your master password immediately. Regardless of whether you use LastPass or not, here are some precautions to take:

- Use strong, unique passwords: Go here for 10 valuable password tips.
- Never use the same password for multiple accounts: Through a technique known as credential stuffing, hackers use the same stolen passwords on different services, hoping to find duplications.
- Where available, always use two-factor authentication: This additional security measure makes it difficult for hackers to break into accounts without the security code sent to your phone or an authentication app.
- Antivirus is vital: Always have a trusted antivirus program updated and running on all your devices.
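To show in working code why the zero-knowledge claim in the account above holds against a breach of the server's stored data but not against a keylogger capturing the master password on the endpoint, here is a simplified model added for this page. It is not LastPass's code: the scheme, the iteration count and the sample credentials are assumptions, and the HMAC-based vault cipher is a demonstration stand-in only.

```python
import hashlib
import hmac
import os

# Simplified model of a zero-knowledge password manager (assumed scheme written for
# this page, not LastPass's real parameters). The vault key is derived on the client
# from the master password; the server stores only a one-way login verifier and the
# sealed vault. The HMAC-keystream "cipher" is a demo stand-in, not for deployment.
ITERATIONS = 100_000  # constructed demo value

def derive_vault_key(master_password, email):
    # Client-side only: the server never sees the master password; an endpoint keylogger does.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), email.lower().encode(), ITERATIONS, 32)

def login_verifier(vault_key):
    # Stored server-side: enough to check a login, useless for decryption.
    return hashlib.sha256(b"login|" + vault_key).hexdigest()

def keystream(vault_key, nonce, length):
    blocks, counter = b"", 0
    while len(blocks) < length:  # HMAC in counter mode, demo only
        blocks += hmac.new(vault_key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return blocks[:length]

def seal(vault_key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(vault_key, nonce, len(plaintext))))
    tag = hmac.new(vault_key, b"tag|" + nonce + ct, "sha256").digest()
    return nonce + ct + tag

def open_vault(vault_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(vault_key, b"tag|" + nonce + ct, "sha256").digest()):
        return None  # wrong key: the vault stays sealed
    return bytes(c ^ k for c, k in zip(ct, keystream(vault_key, nonce, len(ct))))

def enroll(master_password, email, secrets):
    """Client enrolment: derive locally, upload only the verifier and the sealed vault."""
    key = derive_vault_key(master_password, email)
    return {"email": email, "verifier": login_verifier(key), "vault": seal(key, secrets)}

def open_with_guess(record, master_guess):
    """With only a stolen server record an attacker is reduced to offline guessing;
    with the captured master password (the keylogger case) the vault opens outright."""
    key = derive_vault_key(master_guess, record["email"])
    if login_verifier(key) != record["verifier"]:
        return None
    return open_vault(key, record["vault"])
```

A stolen record still allows offline guessing against the verifier and vault tag, which is why master-password strength and the advice above to change it matter.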