Updated News Around the World

Lastpass security breach detailed by none other than its CEO: Here’s what he reveals | Digit

Lastpass security breach detailed by none other than its CEO: Here’s what he reveals | Digit

The CEO of popular encrypted password manager LastPass has said that the hacking episode last month did not involve any access to customers’ data or encrypted password vaults.

In a latest statement, Karim Toubba, CEO of LastPass admitted that the security breach in August had internal access to the company’s systems for four days until they were detected and evicted.

“Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,” Toubba said.

The investigation found that the threat actor gained access to the platform’s development environment using a developer’s compromised endpoint.

The threat actor utilised their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.

“Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults,” said the CEO.

LastPass is a freemium password manager that stores encrypted passwords online.

The CEO said that LastPass does not have any access to the master passwords of its customers’ vaults.

“Without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model,” he mentioned.

The company said it has deployed enhanced security controls, including additional endpoint security controls and monitoring after the incident.

(Except for the headline and cover image, the rest of this IANS article is un-edited)

For more technology news, product reviews, sci-tech features and updates, keep reading Digit.in

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.