Latest LastPass data breach involves hacker gaining access to third-party cloud storage

Latest LastPass data breach involves hacker gaining access to third-party cloud storage

Posted on

Password manager LastPass US LP has suffered another data breach, with a hacker gaining access to a third-party cloud storage service used by the company and its affiliate GoTo Technologies USA Inc.

The data breach was a direct result of a previous breach reported by LastPass in August. Those behind the first hack used data obtained in the hack to gain access to the unnamed cloud provider and customer information. The exact data accessed was not detailed by LastPass, but the company did say that customer passwords were not accessed and remained safely encrypted.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” LastPass said in an email to customers. “In the meantime, we can confirm that LastPass products and services remain fully functional.”

While the email to customers starts with mentioning that the company has a “commitment to transparency,” and then going public with the details they have is always positive, yet another incident is not a good look for the company many rely on – including the writer of this article, to secure their passwords.

LastPass has a growing list of hacks and security incidents. Along with the now two this year, the company’s history of being hacked goes back to 2015, followed by security issues in 2017 and 2019. In December last year, LastPass users reported attempted logins using their master passwords, although the attack was attributed to credential stuffing. In January, LastPass admitted it had suffered an outage it first denied that was caused by a bug.

“It’s concerning to hear that LastPass has experienced another security incident following a previous one that was made public back in August,” Chris Vaughan, vice president – technical account management, EME at cybersecurity and systems management company Tanium Inc., told SiliconANGLE. “The attack involved source code and technical information being taken from unauthorized access to a third-party storage service the company was using.”

“Password managers are a challenging but attractive target for a threat actor, as they can potentially unlock a treasure trove of access to accounts and sensitive customer data in an instant if they are breached, ” Vaughn explained. “However, I believe that the benefits of using a secure password management solution often far outweigh the risks of a potential breach. When layered with the other security recommendations, it’s still one of the best solutions to prevent credential theft and associated attacks.”

Image: LastPass

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *