Cybersecurity experts have expressed concern over the latest data breach suffered by password manager LastPass. The cloud security firm has remained silent in the face of class action lawsuits related to multiple hacks against it last year.
LastPass first warned customers in August 2022 that “unauthorized parties have accessed parts of its network” via a developer’s compromised account, at which point hackers could have compromised customer data or encryption. I have verified that I am not accessing a password vault that is encrypted.
the company at that time pleaded guilty to a second offense In late November, someone said they used information accessed in the August hack to “access certain elements of customer information.” claimed to be
However, in the company’s latest blog update on December 22nd regarding the security incident, LastPass CEO Karim Toubba said that “threat actors” could be used to “use fully encrypted sensitive information such as website usernames and passwords. He admitted to copying backups of customer vault data, including fields, secure notes, and form-milled data.” That’s what experts sound the alarm.
CHATGPT Used To Create Malware, Ransomware: Report
Yiddy Lemmer, who owns New York-based IT support and cybersecurity company CompuConnect, still recommends FOX Business use a password manager to keep their data safe, but LastPass recommends I am saying that I have not. In fact, he stopped using his LastPass a few weeks ago after discovering the extent of the compromise.
“When I realized how bad it was, I switched immediately,” Lemmer said. “I’m not going to wait for the next hack until things get worse.” Lemmer now uses her LastPass competitor, Bitwarden, to manage passwords.
Galactic Advisors, a Nashville, Tennessee-based cybersecurity firm, alerted customers to the LastPass hack on January 3, stating that “some of the unencrypted data exposed in the attack was used for purposes other than phishing. We have received information indicating that it may be used in .”
Chick-FIL-A Encourages Customers to Take Action and Investigates “Fraud” on Mobile App Accounts
That same week, LastPass was hit with a class action lawsuit from a former customer, claiming that hacking resulted in someone gaining access to private keys stored in LastPass and stealing approximately $53,000 worth of bitcoin.
LastPass CEO Toubba has not provided an update on the security incident on the company’s blog since December 22nd, and the company has yet to respond to multiple requests for comment from FOX Business.
Russ Reeder, CEO of cybersecurity firm Netrix Global, said it was important for companies to keep their clients informed and provide clear communication to protect those affected by a data breach early. says there is.
CLICK HERE TO GET FOX BUSINESS ON THE GO
He added, “It’s scary when the password keeper companies we’ve been trained to trust are compromised.”
LogMeIn has announced that it will spin off LastPass as an independent company in December 2021. At the time, LastPass had 30 million users and served more than 85,000 businesses.