Quick News Bit

LastPass was hacked — again

0
LastPass

LastPass, the popular password management service, recently announced that it was hacked. Specifically, LastPass’s CEO Karim Toubba wrote that an “unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.”

This isn’t the first time LastPass has had security problems. In 2021, it appeared that some users’ LastPass Master Passwords may have been revealed. LastPass replied that it hadn’t been breached, but users who had gotten emails warning them that an unknown person was trying to log into their accounts weren’t convinced. Nevertheless, LastPass insisted that it was just the result of a credential stuffing attack

Also: Want to ditch LastPass? Here are the best alternatives to try

In 2020, LastPass had a major outage, and users reported they couldn’t log into their accounts or autofill passwords. In 2019, a significant LastPass security problem was uncovered by security researchers as well.

None of these problems alone are that bad. Yes, it’s awful that one developer’s account was hacked, but it happens. 

That said, it’s still concerning that the biggest password security company — with a claimed 20 million customers — has significant, annual security problems.

True, as Toubba claimed, with this week’s hack, “We have seen no evidence that this incident involved any access to customer data or encrypted password vaults.” But with proprietary source code and technical secrets revealed, the possibility of an attack that could reveal users’ passwords is certainly there.

This is yet another example of how proprietary code is less secure than open-source code. With open-source password programs, such as Bitwarden, all the code is checked by independent experts. This ensures potential security weaknesses can be spotted before they become security holes. 

In this case, however, LastPass has “engaged a leading cybersecurity and forensics firm” to investigate what happened. LastPass is also implementing enhanced security measures. They’ve seen “no further evidence of unauthorized activity.” 

From where I sit, this is too little, too late. But it’s still something. 

LastPass, with its zero-knowledge model, is still a good password security company. But if you want to look for another password manager, no one would blame you.

Related Stories:

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment