Hackers had internal access to LastPass for four days
By MYBRANDBOOK
Sharing more details about the security incident last month, password management solution LastPass disclosed that the threat actor had access to its systems for a four-day period in August 2022.
The company completed the investigation into the hack in partnership with incident response firm Mandiant, further adding that the access was achieved using a developer’s compromised endpoint. The threat actor utilised their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.
LastPass CEO Karim Toubba said, “Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident. There is no evidence of any threat actor activity beyond the established timeline, there is no evidence that this incident involved any access to customer data or encrypted password vaults.”
The CEO said that LastPass does not have any access to the master passwords of its customers’ vaults. “Without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model,” he said.
As informed earlier, the attacker failed to obtain any sensitive customer data owing to the system design and zero trust controls put in place to prevent such incidents. It also said it conducted source code integrity checks to look for any signs of poisoning and that developers do not possess the requisite permissions to push source code directly from the development environment into production.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Dr. Sanjay Bahl
Dr. Sanjay Bahl has around four decades of experience in the ICT indus...
Icons Of India : Anil Kumar Lahoti
Anil Kumar Lahoti, Chairman, Telecom Regulatory Authority of India (TR...
Icons Of India : MUKESH D. AMBANI
Mukesh Dhirubhai Ambani is an Indian businessman and the chairman and ...
IOCL - Indian Oil Corporation Ltd.
IOCL is India’s largest oil refining and marketing company ...
NPCI - National Payments Corporation of India
NPCI is an umbrella organization for operating retail payments and set...
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
Indian Tech Talent Excelling The Tech World - Sundar Pichai, CEO- Alphabet Inc.
Sundar Pichai, the CEO of Google and its parent company Alphabet Inc.,...
Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks
Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...
Indian Tech Talent Excelling The Tech World - George Kurian, CEO, Netapp
George Kurian, the CEO of global data storage and management services ...