Home Technology LastPass cloud breach involves ‘certain elements’ of customer information

LastPass cloud breach involves ‘certain elements’ of customer information

by News Desk
0 comment
The logo of the online password manager service LastPass is reflected on the internal disk of your hard drive. (Photo by Leon Neal/Getty Images)

LastPass reported Wednesday that it detected “unusual activity” within a third-party cloud service shared by LastPass and its GoTo affiliates.

and Blog update for customersLastPass CEO Karim Toubba said unauthorized parties could use information obtained at Previous August 2022 Incidentobtained access to “specific elements” of customer information.

Toubba said LastPass launched an investigation and was hired Mandiantand alerted law enforcement agencies.

“We are working diligently to understand the scope of the incident and identify the specific information that was accessed.In the meantime, we can confirm that LastPass products and services are fully functional. increase.”

Chris Vaughan, Tanium’s vice president of technical account management, said he was concerned to hear that LastPass had experienced another security incident following the previous security incident disclosed in August. . Vaughan said the attack involved theft of source code and technical information from unauthorized access to third-party storage his services used by the company.

“It wasn’t before, but the new breach is more serious because customer information was accessed,” Vaughan said. “The intruder did this by gaining access to the LastPass IT environment using data exposed in a previous incident. It says it is working to better understand and pinpoint exactly what data was stolen.The IT security team is working on this around the clock and has visibility into the network and the devices connected to it. There is no doubt that sex will be severely tested.”

Vaughan added that password managers are a challenging but attractive target for threat actors. Password managers, if compromised, can instantly unlock a treasure trove of access to accounts and sensitive customer data.

“However, the benefits of using a secure password management solution often far outweigh the risk of potential compromise,” Vaughan said. “Combined with other security recommendations, he is one of the best solutions to prevent credential theft and related attacks. I just hope you haven’t.”

Lorri Janssen-Anessi, BlueVoyant’s director of external cyber assessments, says that while cloud hosting has security concepts, and to some extent, they are true, organizations continue to be concerned about the attack surfaces that exist in cloud-hosted networks, services, or applications. I added that you should be aware. .

According to Janssen-Anessi, enterprises still need to minimize user privileges, patch vulnerable software, be aware of actively hosted assets, and ensure secure configurations, including cloud security settings. there is.

“Think carefully about what you host in the cloud and avoid critical data and operationally necessary applications that could impact business continuity as it depends on the hosting provider and the continuity of their services. Don’t put it in the cloud,” said Janssen-Anessi. “favorite Third party connection, cloud hosting should also be carefully included and protected within the ecosystem. “

You may also like

Leave a Comment

Copyright ©️ All rights reserved. | Canadian Trends