captured source code
Hackers target LastPass password manager
08/26/2022, 19:00
The widely used password manager LastPass reports parts of its source code stolen. The company also shares the implications for its customers.
Many people use password managers so they don’t have to remember all their Internet login details. These programs encrypt all the credentials in a virtual safe, so you only have to remember the master password. This often increases security, as users tend to use complicated combinations that are difficult to crack. But you get a sick feeling when you read that the password manager was attacked by hackers. That’s exactly what happened to LastPass, one of the most widely used credential vaults in the world.
Two weeks ago, unusual activity was noticed in parts of the LastPass development environment, CEO Karim Toubba writes in a blog post. Investigations have revealed that unknown persons stole portions of LastPass’ source code and some proprietary technical information through a compromised developer account.
No master passwords or user data stolen
However, Toubba stresses that no evidence was found that the attackers had access to customer data or encrypted password vaults. LastPass contracted with a leading cybersecurity and forensics company to investigate and implement additional security measures.
According to the attached FAQ, there was no way hackers could have captured master passwords, because a so-called Zero Knowledge Architecture ensures that no one but the users can know them. For the same reason, no data stored in the vault was compromised. In addition, the investigation did not reveal any evidence of theft of users’ personal data. LastPass therefore does not recommend any further action to its customers.
It’s not the first attack
This is not the first time LastPass has been hacked. Last winter, attackers apparently tried to gain access to user vaults using passwords stolen from other hackers. Once again, the contents of the vault appear never to have been compromised as long as customers used a master one-time password, according to a statement the company gave to “Apple insider information”.
That LastPass is secure was confirmed only in June by Stiftung Warentest. Only two of the 16 test candidates were certified as having very good security features. Because its handling is somewhat complicated and the product test found very clear deficiencies in the data protection declaration, LastPass did not get more than a satisfactory overall result.