LastPass claims no data was compromised despite cybersecurity attack
LastPass, however, assured the customers that their passwords and other vital data remain safe. LastPass stores all passwords in a single app, reducing the reuse of passwords online.
By ET Spotlight Special |
Agencies
LastPass, the popular password manager app, has recently been hit by a cybersecurity attack. However, the company has ascertained that the information, such as crucial data and customer passwords, is safe. A few months back, the same password-storing app acknowledged that some portion of its essential source code and proprietary technical information was accessed unauthorizedly by a third-party cloud storage company, the services of which the company has been using.
Was the security breach of LastPass limited?
In its official statement, the company said that the breach was limited to the development environment and couldn't reach the customers' data and encrypted passwords. The company didn't specify what information was accessed as the investigation is currently ongoing. It further stated that the production environment lies in a different physical environment than the development environment.
5 Cybersecurity Threats To Watch Out For In 2022
1/6
In 2021, cyber criminals delivered a wave of cyber-attacks that were not just highly coordinated, but far more advanced than ever seen before. You may have read about recent cybersecurity incidents impacting some of the largest corporations in the world.
A flurry of new threats, technologies, and business models have emerged in the cybersecurity space as the world shifted to a remote work model in response to the COVID-19 pandemic and has subsequently moved to a ‘hybrid’ work culture.
These cyberattacks target everyone, but trends show that small businesses are one of the most common targets. Neelesh Kripalani, Chief Technology Officer of Clover Infotech, shares five cybersecurity threats that businesses should be prepared to mitigate in 2022:
In 2021, cyber criminals delivered a wave of cyber-attacks that were not just highly coordinated, but far more advanced than ever seen before. You may have read about recent cybersecurity incidents i..
Read More
Within the organization's set up, one can mitigate the common cybersecurity risks through a firewall, employee awareness, and stringent policies etc. However, when employees are working remotely, putting up cybersecurity measures becomes difficult. A recent survey from the UK and US-based security firm, Tessian, found that 56% of senior IT technicians believe their employees have picked up bad cyber-security habits while working from home. Some of the top cybersecurity risks associated with remote work include unsafe networks, use of personal devices, human error etc. Implementing security measures such as VPNs, anti-phishing tools, anti-virus, constant employee education etc. can help to mitigate the risk to a great extent.
Within the organization's set up, one can mitigate the common cybersecurity risks through a firewall, employee awareness, and stringent policies etc. However, when employees are working remotely, put..
Read More
Organizations are rapidly using the cloud to fast-track their digital transformation journey. Despite the increasing adoption of cloud, the data security still remains a key concern for many enterprises. Some of the top causes of cloud vulnerabilities are improper management of RDP (Remote Desktop Protocol), misconfigurations, weak authentication, and shadow IT use etc.
Organizations are rapidly using the cloud to fast-track their digital transformation journey. Despite the increasing adoption of cloud, the data security still remains a key concern for many enterpri..
Read More
Digital transformation is about becoming data-driven. The Internet of Things (IoT) is one of the key providers of that data. IoT devices are vulnerable mostly because they lack the necessary built-in security controls to defend against threats. As per Kaspersky, IoT cyberattacks have more than doubled in 2021 compared to the previous year. Vulnerabilities in IoT devices allows cyber criminals to gain access to the sensitive data and to further launch attacks against other connected systems.
Digital transformation is about becoming data-driven. The Internet of Things (IoT) is one of the key providers of that data. IoT devices are vulnerable mostly because they lack the necessary built-in..
Read More
The traditional story of ransomware was one of malicious code rapidly encrypting files with public-key RSA encryption, and then deleting those files if the victim did not pay the ransom. The 'Double Extortion Ransomware Attack' aka 'pay-now-or-get-breached' involves threat actors stealing data from organizations in addition to encrypting files. This means that, in addition to demanding a ransom to decrypt data, attackers can later threaten to leak the stolen information if an additional payment is not made.
The traditional story of ransomware was one of malicious code rapidly encrypting files with public-key RSA encryption, and then deleting those files if the victim did not pay the ransom. The 'Double ..
Read More
Credential stuffing is a cyber-attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service. Such attacks are on the rise due to the more sophisticated bots that simultaneously attempt several logins, and appear to originate from different IP addresses. The main reason that credential stuffing attacks are effective is that many users reuse the same username/password combination across multiple sites. If this practice continues, credential stuffing will remain a serious threat.
Credential stuffing is a cyber-attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service. Such attacks are on the rise due to t..
The last time there was unauthorized access, the company investigated its production build and source code to check whether any attempts were made to inject malicious code. It said that the developers or hackers could not push or transfer source code from the development environment to the production one.
According to the company, the capability is limited to a specific team of the build release. The changes can only occur until a rigorous review, testing, and validation has been completed. CEO Karim Toubba has assured more robust measures to prevent any further threats.
FAQs:
Which company acquired LastPass in 2015? GoTo, formerly known as LogMeIn, acquired LastPass in 2015.
How LastPass allows access when someone forgets the master password? LastPass provides password hints decided by the user in case the master password is missing.
