"In an interview with ZDNET, Karim Toubba, the Chief Executive Officer of LastPass, said that the significant security incident that has dogged the firm's footsteps since 2022 became "a forcing function to drive a lot of changes.""
"In August of that year, an "unauthorized party" gained access to portions of the LastPass development environment via a compromised developer account and stole some of LastPass's source code and technical data. It didn't end there. Information stolen during this attack led to further compromise, including the theft of basic customer account information and related metadata -- such as names, billing addresses, email addresses, telephone numbers, and IP addresses. Furthermore, a backup copy of customer vault data was accessed. Although encrypted, it was still accessed by an intruder who managed to steal a master password from a senior engineer's home computer."
"The firm's security standards are now "beyond what would normally be expected of a standard security program." LastPass also says "security is at the very heart of what we do for the consumer.""
LastPass suffered a multi-stage security incident in 2022 that began with a compromised developer account and theft of source code and technical data. The initial theft enabled further compromises that exposed basic customer account information and related metadata and allowed access to an encrypted backup of customer vault data after an intruder obtained a master password from a senior engineer's home computer. The incident triggered a comprehensive overhaul of security controls, raising standards beyond typical programs and placing security at the center of consumer product decisions while the company continues implementing additional protections.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]