It turns out that a hacker accessed customer data using the source code stolen from the password management application 'LastPass'


by Focal Foto

It turned out that someone illegally accessed LastPass user data using the source code stolen in the source code leak incident of the password management service `` Lastpass '' that occurred in August 2022.

Notice of Recent Security Incident - The LastPass Blog
https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/

Lastpass says hackers accessed customer data in new breach
https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/

Lastpass announced on December 1, 2022 that it detected unusual activity in a third-party cloud storage service shared by LastPass and its parent company GoTo.



According to LastPass CEO Karim Toubba, the threat actor that compromised LastPass' cloud storage this time used information gleaned from a source code leak that occurred in August 2022 to access 'certain elements of LastPass' user data. ” was successfully accessed.

Although the specific data stolen and the number of victims have not been disclosed, Toubba said, ``LastPass' Zero Knowledge architecture keeps your passwords securely encrypted.'' and expressed the view that the password was not leaked.

Lastpass is one of the most popular password managers, used by over 33 million users and over 100,000 businesses. However, in previous data breaches where source code was stolen, it was also found that threat actors were able to bypass Lastpass multi-factor authentication and impersonate developers to gain access to development environments.

“After we detected the anomalous activity, we immediately launched an investigation, asked security giant Mandiant to investigate, and notified law enforcement,” Toubba said. We kindly ask you to wait for a while.'

Related Posts:

in Software,   Security, Posted by log1l_ks