Two months on… should we still be worried about the LastPass breach?

Over the Christmas period, popular password manager LastPass announced that hackers had gained access to customers' password vaults, writes Tyson McGuirk. This follows on from an attack in August 2022 where access was gained to a developer account. It is believed information obtained from this initial attack was used in the follow-up attack, which led to some customers' vaults being compromised.

The stolen data is believed to have contained unencrypted information such as email addresses, billing addresses, telephone information and more. However, the more concerning issue is the stolen encrypted customer data that has been obtained by the hackers, most specifically customers' vaults containing various usernames and passwords.

The good news is that the data is encrypted – the hacker will not be able to access the information in a user's vault without knowing the user's password. The bad news is that this isn't necessarily hard for a hacker to do with the right tools, depending on the strength of the password. Password cracking software exists and can try thousands of passwords in seconds.

LastPass has released an update about both breaches as well as some recommended actions to take. In summary, LastPass has apologised for the lack of communication around the incidents that took place, and says it is aiming to communicate better in the future. Details of how the breaches occurred are given:

The first data breach involved the theft of development environment source code along with technical information from a software engineer's laptop. No customer information was stolen; however, it's believed information gained was used in the second attack. LastPass then details the measures they have put in place to prevent this.

The second data breach targeted a DevOps engineer and exploited a vulnerability in third-party software, and as mentioned previously gained access to information including encrypted LastPass vaults.