![]() They are also updating their safeguards and confirming exactly which data the breach accessed, including advising business customers on recommended action. Behind the scenes, the company is striving to identify any suspicious activity within the cloud backup storage. LastPass has urged customers to follow its recommended security practices and is working with GoTo, Mandiant, and law enforcement services to investigate the issue.To eliminate the risk of this kind of breach happening again, LastPass has completely rebuilt its development environment and implemented strict processes and authentication mechanisms. In addition to safely storing passwords, such managers also generate cryptographically secure passwords that are far more difficult for hackers to guess than the more commonly used ones. Password managers are a popular solution for storing logins securely, and can be extremely beneficial for business use especially in roles burdened with a large number of critical passwords. In all of this though, it is important to commend LastPass for their exemplary transparency in their incident response." So while the risk may be low, we cannot say there is no risk at all. There is always something that can be taken which could be combined with other data elements, or saved for future use. "Similarly, we cannot completely dismiss any data breach as completely benign. But mix it with other stable elements under the right conditions and you could end up with something volatile. On their own, maybe a certain element is stable and benign. "Data can sometimes be considered similar to chemical elements. "This will vary depending on the nature of data that is stored or processed on the third-party cloud. "Third-party cloud storage certainly poses risks for organisations," said Javvad Malik, lead security awareness advocate at KnowBe4, to IT Pro. GoTo has not offered further information on the specific activity performed within its development environment, and unlike LastPass made no mention of customer information being affected. LastPass breach: CEO says 'no evidence' of customer data being stolen Best password managers Revealed: The top 200 most common passwords of 2022 The company stated that all its products and services remain operational and that it is deploying further security measures and monitoring to prevent further activity from threat actors. In a blog post covering the incident, GoTo CEO Paddy Srinivasan said that the company “detected unusual activity within our development environment and third-party cloud storage service”. LastPass affiliate GoTo (formerly LogMeIn) was also affected in the attack the two companies share the same third-party cloud storage service. ![]() In the meantime, we can confirm that LastPass products and services remain fully functional.” “We are working diligently to understand the scope of the incident and identify what specific information has been accessed. ![]() ![]() “Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. “We have determined that an unauthorised party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” said Toubba in a blog post. ![]()
0 Comments
Leave a Reply. |