LastPass: Attackers had access for four days – no risk to customer data

0
9
lastpass attackers had access for four days no risk.jpg
lastpass attackers had access for four days no risk.jpg

According to the operator, neither passwords were compromised nor user data viewed during the break-in into the servers of the password manager provider.

 

According to LastPass, a password manager provider, there was a breach in their server systems in August. The attackers are said to have had access to the internal development system and copied technical information and source code from there. Lastpass suspected that the attackers did not copy passwords or even have access to user data, but wanted to investigate further.

 

In an update to the first blog entry, LastPass CEO Karim Toubba announced that the investigation was complete. The attacker or attackers had access to the systems for a total of four days; later access can be ruled out. The attack was carried out via a compromised developer account. However, the design of the LastPass server is said to have prevented access to user data, and the passwords are also stored in encrypted form.

According to Toubba, LastPass also examined the source code and found no evidence of malicious code being injected.

Previous articleCloud provider Backblaze: SSDs last longer than hard drives
Next articleVulnerability in Teams: Microsoft token stored in plain text
Brian Adam
Professional Blogger, V logger, traveler and explorer of new horizons.