Lastpass Compromised {again}
LastPass is a freemium password manager that stores encrypted passwords online. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets. LogMeIn, Inc. (now GoTo) acquired LastPass in October 2015. On December 14, 2021, LogMeIn announced that LastPass would be made into a separate company and accelerate its release timeline. (Source Wikipedia)
The popular password manager, announced yesterday that they noticed another compromise on their network. They sent the following email notice to their customers.
Dear valued customer,
We are writing to inform you that we recently detected some unusual activity within portions of the LastPass development environment. We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.
In response, we immediately initiated an investigation, deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.
Based on what we have learned and implemented, we are evaluating further mitigation techniques to strengthen our environment. We will continue to update our customers with the transparency they deserve.
We have set up a blog post dedicated to providing more information on this incident: https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
We thank you for your patience as we work expeditiously to complete our investigation and regret any concerns this may have caused you.
Sincerely,
The Team at LastPass
Welcome to the Average Joe Weekly blog. This is basically my place on the web where I can help spread some of the knowledge that I have accumulated over the years. I served 10+ years in the Marine Corps on Active Duty, but that was some 25 years ago.
