On August 25th, LastPass revealed that cyber criminals were able to breach its systems. While LastPass assures its 25 million customers that their passwords have not been compromised, the company says part of its source code was stolen. The unauthorized access to its developer environment was discovered after its team noticed abnormal activity. Read their official statement.
LastPass CEO Karim Toubba wrote the following in a response post about the incident:
“Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”
LastPass continues to emphasize that customer data and information are safe and that password vaults were not compromised. However, the theft of source code and proprietary information is a warning sign for potential future hacks.
This is also not the first breach LastPass has faced within the span of a year. In December 2021, users were warned of a “credential stuffing attack” as hackers attempted to break into users' personal information vaults. LastPass assured at that time as well that no customer data was compromised.
Password managers such as LastPass, both free and paid, have become increasingly popular. They encrypt customers' logins and passwords and make them easy to autofill on websites or in apps. Cybersecurity experts continue to recommend the use of 2FA (two-factor authentication) and app authentication or biometric authentication when using services such as password managers, to provide an additional layer of security against data breach risks.
Cybersecurity breaches and risks pose a larger threat to customers and companies across the world year over year. It is extremely important to put additional security measures in place, as well as to review your risk assessments.
For businesses, cybersecurity laws across the U.S. have already put in place many measures that are quickly becoming mandatory, such as yearly third-party cyber assessments, written policies for addressing risk, staff training, and 24-72 hour reporting of any data breaches, which, if they occur, can lead to major fines and penalties. (See: NYDFS NYCRR Part 500, SHIELD Act, or IDSL)
Don’t fall victim to a data breach or cybersecurity risk. We can help you make a plan and see if your data has been compromised with a Free Confidential Cybersecurity Risk Assessment. Risk Assessment | Motiva Networks