Hackers had internal access to LastPass for four days
By MYBRANDBOOK
Sharing more details about the security incident last month, password management solution LastPass disclosed that the threat actor had access to its systems for a four-day period in August 2022.
The company completed the investigation into the hack in partnership with incident response firm Mandiant, further adding that the access was achieved using a developer’s compromised endpoint. The threat actor utilised their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.
LastPass CEO Karim Toubba said, “Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident. There is no evidence of any threat actor activity beyond the established timeline, there is no evidence that this incident involved any access to customer data or encrypted password vaults.”
The CEO said that LastPass does not have any access to the master passwords of its customers’ vaults. “Without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model,” he said.
As informed earlier, the attacker failed to obtain any sensitive customer data owing to the system design and zero trust controls put in place to prevent such incidents. It also said it conducted source code integrity checks to look for any signs of poisoning and that developers do not possess the requisite permissions to push source code directly from the development environment into production.
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Paytm brings UPI Lite Wallet for low-value transactions
Paytm’s parent company One97 Communications (OCL) is emphasizing upon UP...
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
AMARA RAJA POWER SYSTEMS LTD.
SECUREYE SERVICES PVT. LTD.
RELIANCE JIO INFOCOMM LTD.
VERSA NETWORKS INDIA PVT. LTD.
Technology Icons Of India 2023: Ashish Kumar Chauhan
Ashish works as the CEO of the National Stock Exchange (NSE). He is al...
Technology Icons Of India 2023: Amit Chadha
. An influential leader in the engineering services industry for over ...
Technology Icons Of India 2023: Ritesh Agarwal
Ritesh Agarwal Founder & CEO of OYO Hotels & Homes-World’s fastest g...
GeM maintains transparency in online procurement of goods & services
Created in a record time of five months, Government eMarketplace is a ...
BSE provides highly secure, efficient and transparent market for trading
BSE (formerly known as Bombay Stock Exchange Ltd.) is Asia's first & t...
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
INTEGRA MICRO SYSTEMS PVT. LTD.
Integra is a leading provider of innovative hi-technology products an...
RAH INFOTECH
RAH Infotech is India’s fastest growing technology value added dist...
SUPERTRON ELECTRONICS PVT. LTD.
Supertron deals in servers, laptops, components, accessories and is a...