25.08.2022., 23:26
|
#92
|
|
McG
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 8,194
|
LastPass developer systems hacked to steal source code
Citiraj:
Password management firm LastPass was hacked two weeks ago, allowing threat actors to steal the company's source code and proprietary technical information. The disclosure comes after BleepingComputer learned of the breach from insiders last week and reached out to the company on August 21st without receiving a response. Sources told BleepingComputer that employees were scrambling to contain the attack after LastPass was breached. After requests for information, LastPass released a security advisory today confirming that the company was breached through a compromised developer account that was used to access the company's developer environment.
While LastPass says there is no evidence that customer data or encrypted password vaults were compromised, the threat actors did steal portions of their source code and "proprietary LastPass technical information." LastPass has not provided further details regarding the attack, how the threat actors compromised the developer account, and what source code was stolen. LastPass is one of the largest password management companies in the world, claiming to be used by over 33 million people and 100,000 businesses. As consumers and businesses use the company's software to store their passwords securely, there are always concerns that if the company was hacked it could allow threat actors access to stored passwords.
However, LastPass stores passwords in 'encrypted vaults' that can only be decrypted using a customer's master password, which LastPass says was not compromised in this cyberattack. Last year, LastPass suffered a credential stuffing attack that allowed threat actors to confirm a user's master password. It was also revealed that LastPass master passwords were stolen by threat actors distributing the RedLine password-stealing malware. Due to this, it is vital to enable multi-factor authentication on your LastPass accounts so that threat actors won't be able to access your account even if your password is compromised.
|
Izvor: BleepingComputer
__________________
AMD Ryzen 9 9950X | Noctua NH-U12A chromax.black | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Seasonic GX-750
AMD Ryzen 5 7600 | Noctua NH-U12A chromax.black | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x12TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
|
|
|