![]() ![]() LastPass says that no action must be taken by any users now. Has any personal information been compromised?Īccording to the investigation, there’s no evidence of unauthorized customer data access. The company dropped a reminder that the zero-knowledge model only allows the customer to decrypt vault data. LastPass says that the incident occurred in the development environment, and there’s no evidence that anyone accessed the encrypted vault data. Has any data within the vaults been compromised? LastPass says the incident did not compromise master passwords, as the company doesn’t store or have knowledge of that information (this is an excellent example of zero knowledge architecture). Your master LastPass password gives you access to everything in your account, including passwords, notes and form fill items. ![]() The blog post included answers to some concerns that users may have: Were any master passwords compromised? ![]() According to the blog post, the incident has been contained, security measures were ramped up, and there’s no more evidence of malicious activity. LastPass contained the attack and hired a cybersecurity and forensics firm to investigate. RELATED: 3 security steps every small business needs to take right now The response LastPass sent customers an email containing the same blog post information. While LastPass says there is no evidence that customer data or encrypted password vaults were compromised, the threat actors did steal portions of their source code and “proprietary LastPass technical information,” which could lead to compromises. “Our product and services are operating normally,” Toubba concluded. The blog states that an “unauthorized party” got into the system through a compromised developer account and took some source code and proprietary LastPass technical information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |