Hackers had internal access to LastPass for four days
By MYBRANDBOOK
Sharing more details about the security incident last month, password management solution LastPass disclosed that the threat actor had access to its systems for a four-day period in August 2022.
The company completed the investigation into the hack in partnership with incident response firm Mandiant, further adding that the access was achieved using a developer’s compromised endpoint. The threat actor utilised their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.
LastPass CEO Karim Toubba said, “Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident. There is no evidence of any threat actor activity beyond the established timeline, there is no evidence that this incident involved any access to customer data or encrypted password vaults.”
The CEO said that LastPass does not have any access to the master passwords of its customers’ vaults. “Without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model,” he said.
As informed earlier, the attacker failed to obtain any sensitive customer data owing to the system design and zero trust controls put in place to prevent such incidents. It also said it conducted source code integrity checks to look for any signs of poisoning and that developers do not possess the requisite permissions to push source code directly from the development environment into production.
InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce
In a move that is set to transform the AI landscape, Rahul Bhatia, Group M...
Download masked Aadhaar to improve privacy
Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...
Sterlite Technologies' Rs 145 crore claim against BSNL rejecte
An arbitrator has rejected broadband technology company Sterlite Technolog...
ID-REDACT® ensures full compliance with the DPDP Act for Indi
Data Safeguard India Pvt Ltd, a wholly-owned subsidiary of Data Safeguard ...
DELL TECHNOLOGIES INDIA PVT. LTD.
TATA CONSULTANCY SERVICES
VERSA NETWORKS INDIA PVT. LTD.
MICROMAX INFORMATICS LTD.
Technology Icons Of India 2023: Sunil Vachani
Sunil Vachani is the founder and chairman of India-listed Dixon Techno...
Technology Icons Of India 2023: Amit Chadha
. An influential leader in the engineering services industry for over ...
Technology Icons Of India 2023: Kulmeet Bawa
Kulmeet Bawa resides as President & Managing Director, SAP Indian subc...
Aadhaar: Architecting the World's Largest Biometric Identity System
The Unique Identification Authority of India (UIDAI) is a statutory au...
C-DOT enabling India in indigenous design, development and production of telecom technologies
An autonomous telecom R&D centre of Government of India, Center of Dev...
RailTel connecting every corner of India
RailTel is an ICT provider and one of the largest neutral telecom infr...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...
INGRAM MICRO INDIA PVT. LTD.
Ingram Micro India, a large national distributor offers a comprehensiv...
SATCOM INFOTECH PVT. LTD.
Satcom Infotech Pvt. Ltd is a distribution houses in security in India...