LastPass and GoTo report possible cyberattack

Leading password manager LastPass and its affiliate, communications software provider GoTo, has revealed it suffered a breach to its cloud...

Leading password manager LastPass and its affiliate, communications software provider GoTo, has revealed it suffered a breach to its cloud storage infrastructure following a cyberattack in August 2022.

In an update regarding the ongoing incident, the company admits that it has recently detected “unusual activity” within a third-party cloud storage service used by both LastPass and GoTo. 

The results of Lastpass' investigation, signed by LastPass CEO Karim Toubba and involving security experts from Mandiant, showed that someone used the credentials leaked in the incident to gain access to “certain elements” of LastPass’ customer information

Passwords are safe

Toubba did not go into further details about the type of data that was accessed, but he did say that the user passwords were untouched. 

“Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” he said. 

"While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity."

By virtue of being one of the most popular business password managers and generators out there, with over 100,000 businesses relying on it daily, LastPass is no stranger to data breaches committed by cybercriminals.

TechRadar Pro has previously reported that the company confirmed In late September 2022 that the threat actor responsible for the original breach in August lurked for days in its network, before ousted. 

However, the threat actor did not manage to access internal customer data, or encrypted password vaults at the time. LastPass claims that the latest development  has not changed that, owing to its Zero Knowledge architecture.

"Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults," Toubba said at the time. 

The attacker was apparently able to access the company’s Development environment through a developer’s compromised endpoint

The investigation and forensics did not manage to determine the exact method used for the initial endpoint compromise, Toubba did say the attackers utilized their persistent access to impersonate the developer after successfully authenticating with multi-factor authentication.



from TechRadar - All the latest technology news https://ift.tt/HKAx3fs
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: LastPass and GoTo report possible cyberattack
LastPass and GoTo report possible cyberattack
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/12/lastpass-and-goto-report-possible.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/12/lastpass-and-goto-report-possible.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy