source code captured
Hackers target password manager LastPass
08/26/2022, 7:00 pm
The widely used password manager LastPass reports the theft of parts of its source code. The company also shares the implications for its customers.
Many people use password managers to avoid having to remember all their Internet access data. These are programs that keep all combinations encrypted in a virtual safe, all you need to do is remember the password of the manager. This usually increases security, as users tend to use complex combinations that are difficult to crack. But when you read that the password manager itself has been attacked by hackers, you feel uneasy. That’s exactly what happened with LastPass, one of the most widely used credential vaults in the world.
Two weeks ago, unusual activity was observed in parts of the LastPass development environment, writes CEO Karim Tubba in an email. blog post, The investigation revealed that unidentified individuals stole parts of the source code and some proprietary technical information from LastPass through a compromised developer account.
Neither master password nor user data theft
However, Tubba insisted that no evidence was found that the attackers had access to customer data or encrypted password vaults. LastPass hired a leading cybersecurity and forensics company to investigate and implement additional security measures.
According to the attached FAQ, there was no way hackers could capture the master password as a so-called zero-knowledge architecture It is ensured that no one else but the users can know them. For that reason, none of the data stored in the vault was compromised. In addition, the investigation did not find any evidence of theft of personal user data. It is clear that LastPass does not recommend further action to its customers.
not the first attack
This isn’t the first time LastPass has been hacked. Last winter, attackers apparently attempted to gain access to user vaults using passwords stolen from other hacks. Once again, the Vault content has never been compromised, as long as customers use a one-time master password, according to a statement from the company.Apple Insider” Gave.
The fact that LastPass is secure was only confirmed in June Stitching Warrentest, Only two out of 16 candidates certified very good security practices. Because its handling is somewhat complex and product testing found very obvious deficiencies in the data protection announcement, LastPass received no more than a satisfactory overall result.