

Last week, LastPass CEO Karim Toubba notified customers via email and on the website’s blog to announce a data breach, the company’s second breach of 2022. Calling it a “security incident,” LastPass is investigating unusual activity with a third-party cloud service both LastPass and their affiliate GoTo use, but which LastPass did not name.

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” wrote Toubba.

LastPass has hired security firm Mandiant and alerted law enforcement of the incident. They are trying to determine the scope of the data breach and identify what information was accessed. The company asserted that their products and services are fully functional, and they directed customers and other concerned parties to LastPass setup post.

“As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity,” Toubba said. “We thank you for your patience while we work through our investigation. As is our practice, we will continue to provide updates as we learn more.”

LastPass published FAQs and directed customers where to go for additional information.

Second data breach this year

In late August, LastPass was hit with a data breach in their developer environment. According to a blog post, the company said that source code and technical information was accessed during a four-day period in August. During that investigation, LastPass and Mandiant did not find evidence of any customer data or encrypted password vaults being accessed. The development and production environments are not connected physically or directly. 9to5Mac reports that the August data breach did include access to customer data.

Following that incident, in which the company investigated source code and protection builds, LastPass also partnered with a cyber security firm to enhance their source code safety practices which include secure software development life cycle processes, threat modeling, vulnerability management and bug bounty programs.

“Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults,” said Toubba. “We have deployed enhanced security controls including additional endpoint security controls and monitoring. We have also deployed additional threat intelligence capabilities as well as enhanced detection and prevention technologies in both our Development and Production environments,” Toubba explained.

“We recognize that security incidents of any sort are unsettling but want to assure you that your personal data and passwords are safe in our care,” added Toubba.
