26 August 2022

CYBER SECURITY: Nope. Not Anytime Soon either!

 Another day + Another HACK for LastPass. . . It's not the r "first rodeo,,' rodeo" 



www.bleepingcomputer.com

LastPass developer systems hacked to steal source code

Lawrence Abrams
7 - 8 minutes

LastPass

Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information.

The disclosure comes after BleepingComputer learned of the breach from insiders last week and reached out to the company on August 21st without receiving a response to our questions.

Sources told BleepingComputer that employees were scrambling to contain the attack after LastPass was breached

✓ Top stories
LastPass developer systems hacked to steal source code
Bleeping Computer
12 hours ago 


LastPass Hacked: Password Manager With 25 Million Users Confirms Breach
Forbes
6 hours ago
World's Most Popular Password Manager Says It Was Hacked 


Bloomberg.com
11 hours ago


www.forbes.com
LastPass Hacked: Password Manager With 25 Million Users Confirms Breach
Davey Winder
3 - 4 minutes

Co-founder, Straight Talking Cyber

New! Follow this author to stay notified about their latest stories.

Aug 25, 2022,11:08pm EDT|

LastPass logo seen on a smartphone
source code

SOPA Images/LightRocket via Getty Images

One of the world's biggest password managers with 25 million users, LastPass, has confirmed that it has been hacked. In an advisory published on August 25, Karim Toubba, the LastPass CEO, said that an unauthorized party had stolen "portions of source code and some proprietary LastPass technical information."
What was accessed during the LastPass network breach?

The breach appears to have been of the development servers, facilitated by a compromise of a LastPass developer account and took place two weeks ago. Incident responders have contained the breach, and LastPass says there is no evidence of further malicious activity. Toubba also confirmed that neither has evidence been found of any customer data or encrypted password vaults being accessed.

MORE FROM FORBESGoogle Confirms New Attack Can Read All Gmail Messages: Iran Accounts TargetedBy Davey Winder
Has your LastPass master password or password vault been compromised?

LastPass users will, of course, be concerned that a hacker could have got hold of the keys to their online kingdom: their passwords. However, LastPass has made it clear that, courtesy of the 'zero knowledge' architecture implemented, master passwords are never stored. "LastPass can never know or gain access to our customers' master password," Toubba said, "this incident did not compromise your master password." As such, LastPass says that no action is required by users in regard to their password vaults.

LastPass tweeted confirmation of hacking incident

Davey Winder
Not their first rodeo

While LastPass should be congratulated for the transparency being displayed in response to this incident, it isn't the first time that users of the password manager have had to deal with news of a breach. In June 2015, the company confirmed that hackers had accessed the network. Then, unlike now, users were prompted to change master passwords when logging in.

MORE FROM FORBESNew Gmail Attack Bypasses Passwords And 2FA To Read All EmailBy Davey Winder
Concerns over what LastPass technical information was stolen

It's good news that customer data was not compromised in this latest incident, but the fact that the intruder accessed source code and 'proprietary technical information' is worrying. Especially as there are no further details regarding exactly what has been stolen.

This is a breaking and, therefore, still developing story. I will update this article as more information becomes known.

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.

No comments:

Take-A-Ride on The Wild Side....

  CARTOON CAROUSEL The nation’s cartoonists on the week in politics By  POLITICO Staff