Knowledge base

September 03, 2022

LastPass hacked: password manager with 25 million users confirms breach

One of the world’s largest password managers with 25 million users, LastPass, has confirmed that it has been hacked. In an advisory published on August 25, Karim Toubba, LastPass’ CEO, said that an unauthorized party had stolen “parts of LastPass’ source code and some proprietary Technical Information.”

Top 5 settings you should try in Microsoft Teams Chat

What was accessed during the LastPass network breach?

The breach appears to have been from the development servers, enabled by a compromise of a LastPass developer account and took place two weeks ago. Incident responders have contained the breach and LastPass says there is no evidence of further malicious activity. Toubba also confirmed that no evidence of customer data or encrypted password vaults being accessed was found.

Has your LastPass master password or password vault been compromised?

LastPass users will naturally worry that a hacker may have gotten their hands on the keys to their online kingdom: their passwords. However, LastPass has made it clear that, courtesy of its implemented “zero knowledge” architecture, master passwords are never stored. “LastPass can never know or access our customers’ master password,” said Toubba, “this incident did not compromise your master password.” As such, LastPass says no action is required by users regarding their password vaults.

Not their first rodeo

While LastPass should be congratulated for the transparency displayed in response to this incident, this is not the first time users of the password manager have had to deal with news of a breach. In June 2015, the company confirmed that hackers had gained access to the network. Then, unlike now, users were asked to change master passwords at login.

Concerns about what technical information was stolen from LastPass

It’s good news that customer data was not compromised in this latest incident, but the fact that the intruder had access to source code and “proprietary technical information” is concerning. Especially since there are no further details on what exactly was stolen.

Source: forbes

Want to know more?

Get in touch

Related
blogs

View all blogs
Governance Microsoft 365
February 13, 2024

I see, I see what you don’t: resources and governance in Microsoft 365

Read more
Een heldere basis voor de uitrol van governance
January 09, 2024

Go Governance or Go Home

Read more
October 03, 2023

Managing Governance and Compliance in Microsoft 365

Read more
microsoft purview
October 02, 2023

Microsoft Purview: Your Solution for Data Protection and Compliance

Read more
October 01, 2023

Improvements in Microsoft Teams: What’s New.

Read more
September 30, 2023

Windows 11 22H2 Adds Key Manager to Windows Hello

Read more
OpenAI-Header-chatgpt-can-now-see-hear-and-speak
September 29, 2023

ChatGPT Can Now Speak, Listen and Analyze Images

Read more
September 28, 2023

End-to-End Encryption comes to Teams Rooms on Android

Read more
Microsoft Intune
September 27, 2023

Is the New Microsoft Intune Suite the Right Step for Your Business?

Read more
September 26, 2023

Microsoft Defender for the Cloud: Increased Multi-Cloud Data Protection

Read more

Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Weekly in Your Mailbox.