The breach and security incident also revealed that LastPass stores unencrypted URLs in user vaults, a practice that can potentially expose users' credentials.

As of now, we no longer recommend LastPass because we cannot trust the company to alert users promptly about future security incidents. In 2022, LastPass failed to immediately inform users after a malicious third party stole data related to their encrypted vaults. At PCMag, we expect password management companies to secure users' credentials and inform customers when their vaults may be at risk. Using a password manager is difficult without trusting the company behind the product. Keeping track of dozens or hundreds of strong and unique passwords isn't possible without a password manager.

Instead, it's suspected that a leak through a third party was responsible for the spillage of master passwords, like keylogging malware on users' computers.

At this time, we recommend open-source Editors' Choice winner Bitwarden for anyone looking to switch to a new password manager.

LastPass flagged and denied the attempts because of their unusual geographic location and, just like this time, maintained that its servers were unaffected. The company’s servers recorded suspicious activity in December 2021 where the correct master passwords were used to attempt logging into several customer accounts. We couldn’t help but notice this isn’t LastPass’ first encounter with bad actors.

The company adds that users don’t need to take any remedial action at this point. The company says LastPass services continue to operate normally and customer data as well as encrypted password vaults remain unaffected by the breach.

It also sought the services of an unnamed cybersecurity firm to prevent such events in the future. As a boilerplate response, the company started an investigation (which is still underway) and deployed mitigation measures.
LastPass CEO Karim Toubba says the company uncovered a breach where bad actors gained access to portions of the company’s source code and proprietary technical information through a single compromised developer account.