Tux Machines
Posted by Roy Schestowitz on Dec 24, 2022
> LastPass CEO, Karim Toubba, has confirmed that a threat actor has stolen customer password vaults. This follows a disclosure in August that an unauthorized party had successfully hacked development servers and stolen source code and some LastPass technical information. At that time, Toubba said there was no evidence of customer data or password vaults being accessed. Fast forward to the end of November, and LastPass stated information obtained during that earlier compromise had enabled a threat actor to access "certain elements" of customer data within a third-party cloud storage service. Again, it was stressed that customer passwords remained "safely encrypted." In a Forbes report published December 1, a security expert explained it was unclear what information had been obtained by the attacker. Now, it would appear we know. And it doesn't make for very reassuring reading.
> LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.
> The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager's development environment and "took portions of source code and some proprietary LastPass technical information." The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren't affected.
> Last month, the company announced that threat actors had accessed “certain elements” of customer info. Just as many US workers are leaving for a holiday break, the company reveals that meant their encrypted passwords.