The unauthorised party gained access to the development environment through a single compromised developer account and took portions of the source code and some proprietary technical information. The company’s products and services are operating normally, Toubba underlined.

In response to the incident, LastPass has deployed containment and mitigation measures and engaged a leading cyber security forensics firm. It’s also evaluating further mitigation techniques to strengthen its environment. “While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorised activity,” said Toubba.

The company clarified that users’ master password hasn’t been compromised and also doesn’t recommend any action on behalf of users or administrators for now.

This isn’t the first time the company has been a victim of a hack. In 2011, the company told customers to change their passwords due to a possible security breach. It reported that it had experienced a network traffic anomaly from a non-critical machine, and concluded that this could have been an attack. The team admitted that it didn’t have a lot of evidence which signalled an explicit problem, but said “where there’s smoke there could be fire”.

In 2019, the company patched a vulnerability which could have led to users exposing the password they previously used on the last site they visited. The flaw made the password manager susceptible to cyber criminals launching clickjacking attacks.