We have now completed an exhaustive investigation and have not seen any threat-actor activity since October 26, 2022.ĭuring the course of our investigation, we have learned a great deal more about what happened and are sharing new findings today. Security experts overwhelmingly recommend the use of password managers, because they make it much less likely that users will set bad, easy to guess passwords, or use the same password for multiple accounts.I want to share with you an important update about the security incident we disclosed on December 22, 2022. Password managers are free and paid services that encrypt and store all of a user's logins and passwords, autofilling them into the appropriate websites and apps when a master password, PIN number or biometric factor is supplied.Īs part of their security measures, LastPass and many other password managers don't store, have knowledge of, or access to the master passwords of its users, which further protects user data if the company is breached. While its investigation is ongoing, the company says it hasn't seen any further evidence of intruders. LastPass says it's taken measures to contain and stop the breach, as well as brought in an outside cybersecurity company to investigate.
"After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults," LastPass CEO Karim Toubba wrote in the customer notice. It later determined that someone had gained unauthorized access to that environment through a compromised developer account and taken parts of its source code and other proprietary technical data.
In a Thursday notice to customers, the popular password manager says it started investigating about two weeks ago after it detected some "unusual activity" within parts of its developer environment. LastPass says cybercriminals breached its systems and stole part of its source code, but that no customer passwords were compromised in the incident.
0 kommentar(er)
