Password manager LastPass is investigating a security breach within a third-party cloud storage service after its systems were exploited for the second time this year. In a blog post, Karim Toubba, LastPass CEO, shared that an unauthorized party gained access to some LastPass customers' information in a third-party cloud storage service shared by both LastPass and its parent company, GoTo.
LastPass is one of the most popular password managers on the market. It aims to minimize the reuse of passwords online by storing them in a single app, and it lets users generate new, complicated passwords without having to remember them.
In August 2022, LastPass was first hit with a security breach within its development environment, where threat actors stole some of its technical information and source code. After an investigation, the password manager confirmed that while the threat actors managed to access the company’s development environment, the system prevented access to encrypted passwords and customer data.
LastPass also said that its production environment was physically separate from the development environment and not directly connected to it. The password manager also analyzed its source code and production builds to confirm there were no attempts to inject malicious code. “Developers do not have the ability to push source code from the Development environment into Production. This capability is limited to a separate Build Release team and can only happen after the completion of rigorous code review, testing, and validation processes,” said Karim at that time.
In a statement on Wednesday, Karim Toubba, LastPass' CEO, said that an unauthorized party had accessed a few elements of customers' information using information obtained during a previous attack. The company, however, did not disclose what specific information the attackers accessed but confirmed that the passwords stored in the app remained safe. Moreover, LastPass stated it had no access to customers' master passwords, meaning only the user could decrypt their stored passwords.