4/30/2023 0 Comments Lastpass backup vault![]() No company can be 100% safe from breaches that’s a simple truth, but trust is paramount in the world of password management, and there can be little doubt that trust is being tested hard right now. The transparency in declaring breaches is always to be applauded, although questions remain as to why it has taken so long to determine and disclose that password vaults had been stolen. I am not a LastPass user, but if I were, then I'd certainly be looking at alternatives following what has been a particularly challenging 2022 for the company. Image: Shutterstock Vulnerable software on a remote worker’s home PC was part of the reason password manager LastPass got hacked in 2022, leading to backups of encrypted customer password vaults being accessed by attackers. Whether you think that LastPass is a service you can continue to trust or not is a matter for you. In the latest notification, LastPass says the attacker stole data from its development environment, used this to target another employee and steal their credentials and keys, and later used these. LastPass had customer backup vaults exfiltrated in an attack. LastPass is "performing an exhaustive analysis of every account with signs of any suspicious activity within our cloud storage service," Toubba stated. Business users not using the federated login, and with a weak master password, Toubba again recommends they consider changing all stored website passwords. What is the impact on LastPass business users?įor business customers using the federated login services provided by LastPass, Toubba says that the threat actor "did not have access to the key fragments stored in customer Identity Provider’s or LastPass’ infrastructure, and they were not included in the backups that were copied that contained customer vaults." Again, 'no action, is the recommended action for these users. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |