Published: September 18, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
We said it could happen, and it has. It’s not the first time a security incident has plagued the company. We’ll get to those previous ones later. This time, the popular password management software provider, LastPass, experienced a data compromise that targeted portions of the company’s development environment, including the source code and parts of the company’s technical data. According to a press release from LastPass CEO, Karim Toubba, the attack was perpetrated through one compromised developer account. The result was illegal access to certain portions of the company’s proprietary technical data and source code.
Reportedly, the breach was detected early, allowing the company to begin mitigation and containment quickly with the help of a top-tier cyber security and forensics company. The prompt response by the company, which boasts over 33,000,000 users, prevented illegal access to users’ personal data.
There was no evidence that any user’s Master Password or vault data was illegally accessed, and LastPass says user accounts remain fortified and safe since the company does not store Master Passwords. It claims that, by the design of its architecture, no one other than the account owner can gain access to or know the Master Password.
While no user data or personal information was breached, it’s still a wise choice to change your master password, if you do use this service. Any time there is a breach of an organization with which you have an account, you can mitigate potential fraud by doing this. Make sure it’s at least eight characters and includes a combination of letters, numbers, and special characters.
Also, never give out passwords to anyone. Organizations like LastPass should never ask you for yours, and if they do, you should definitely question it. Whatever you do, don’t provide it.
If you do use a password manager to keep track of all of your passwords—and we know that remembering them is quite a daunting task—keep in mind that incidents like this can happen. Though they say the master password was not compromised, that may not be the case should it happen again. We also don’t know what may happen since their development code was compromised. And if your master password for any of these password managers is compromised, the rest of your passwords are too.
LastPass claims it is ensuring the continued safety of user data by reviewing the entire incident to understand how best to fortify its operating environment. For now, existing security measures have been heightened, and the company says that since the initial hack, no further unauthorized access to its systems has been detected and none of its other products are affected.
In 2021, there were questions about whether or not some users’ master passwords were revealed, though LastPass said it had not been breached. In 2019, there was a security incident in which a flaw affecting Chrome and Opera users exposed credentials that had been entered on a previously visited site.