LastPass admitted in August that an unauthorized person had hacked into their system. The company’s first statement is that important information, including user login (login) information, is not compromised.
CEO: LastPass doesn’t have access to master passwords
As a result of the investigation conducted by LastPass together with the cyber security company Mandiant, it was revealed that the malicious person had internal access to the systems for four days. It was stated that a few source codes and technical information of the password manager were stolen, and access was limited to user data and the development environment not dependent on encrypted vaults. CEO Toubba also pointed out that LastPass does not have access to users’ master passwords needed to decrypt the vault.
User information is safe
LastPass CEO said there is no evidence of any access to user data or encrypted password vaults. He also stated that they could not find any trace of hackers injecting malicious code into the systems. He explained that with the hijacking of the developer’s endpoint, the server’s systems were infiltrated. After the developer successfully authenticated using two-factor authentication, the hacker impersonated the developer.
LastPass suffered a security breach in 2015 that compromised users’ email addresses, authentication hashes, password reminders, and other information. With over 30 million users, LastPass doesn’t ask users to do anything to keep their data safe, but it’s worth changing the password and turning on two-step authentication.
How to freeze Instagram account?
30570
