Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Community News around the World [NEWS] Password app LastPass hit by cybersecurity breach but says data remains safe

Thread Rating:
  • 461 Vote(s) - 3.46 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
[NEWS] Password app LastPass hit by cybersecurity breach but says data remains safe

Offline malamuteaspblumfkg


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Apr 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
12-01-2022, 06:19 AM
It's News Time Folks
Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe.

LastPass is one of several password managers in the market that aims to reduce the reuse of passwords online, by storing themin a single app. It also makes it easier for users to generate strong passwords as required.

In August, LastPass determined that some of its source code and technical information was taken from unauthorised access to a third-party storage service the company had been using.

After an investigation the company said, while the threat actor had been able to access the company’s development environment, the system had prevented access to customer data or encrypted passwords.

At the time LastPass said the attacker had taken portions of source code and some proprietary LastPass technical information, but believed the risk to the app was limited.

LastPass said that its production environment was physically separate to the development environment and not directly connected. The company also conducted an analysis of its source code and production builds to verify there were no attempts to inject malicious code.

“Developers do not have the ability to push source code from the development environment into production,” the company said at the time.

“This capability is limited to a separate build release team and can only happen after the completion of rigorous code review, testing, and validation processes.”

However on Wednesday, the company’s CEO, Karim Toubba, advised customers that “an unauthorised party” using information gleaned from the previous attack had subsequently been able to access “certain elements of our customers’ information”.

LastPass did not say what specifically that information was, but said passwords remained safely encrypted. LastPass also has no access to customers’ master passwords, meaning only the user has access to decrypt the passwords they are storing.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Toubba said.

“In the meantime, we can confirm that LastPass products and services remain fully functional.”

Toubba said the company would put in place more security measures and monitoring to detect any more threat actor activity.
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through