18.1 C
New Delhi
Friday, November 22, 2024
HomeTechHack in password manager LastPass did not expose users' data: CEO

Hack in password manager LastPass did not expose users’ data: CEO


The CEO of popular encrypted password manager LastPass has said that the hacking episode last month did not involve any access to customers’ data or encrypted password vaults.


In a latest statement, Karim Toubba, CEO of LastPass admitted that the security breach in August had internal access to the company’s systems for four days until they were detected and evicted.

“Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,” Toubba said.

The investigation found that the threat actor gained access to the platform’s development environment using a developer’s compromised endpoint.

The threat actor utilised their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.

“Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults,” said the CEO.

Discover the stories of your interest



LastPass is a freemium password manager that stores encrypted passwords online.

The CEO said that LastPass does not have any access to the master passwords of its customers’ vaults.

“Without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model,” he mentioned.

The company said it has deployed enhanced security controls, including additional endpoint security controls and monitoring after the incident.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.



Source link

- Advertisment -

YOU MAY ALSO LIKE..

Our Archieves