Password manager LastPass notified customers Thursday that they suffered a data breach that compromised source code and proprietary technical data. The password manager said they noticed unusual activity about two weeks ago in a developer account and began investigating the issue. LastPass stores encrypted passwords virtually for web browsers and smartphones. The security model creates strong passwords for all apps and websites and requires users only to remember one strong password to access their password management account.
“After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults,” LastPass CEO Karim Toubba wrote in the customer notice. The company stores passwords for more than 33 million users worldwide. LastPass said they hired an outside cybersecurity team to help with the forensic investigation and have taken additional steps to limit future intrusion.
Password management tools are recommended in the cybersecurity industry because they help to prevent users from reusing or creating weak passwords. Password studies continue to show that users choose simple passwords if given the option and reuse passwords on different platforms.
“We utilize an industry-standard ‘zero-knowledge’ architecture that ensures LastPass can never know or gain access to our customers’ Master Password [and it] ensures that only the customer has access to decrypt vault data,” according to LastPass.
Critics argue the breach could be a first attempt to find where data is stored, business resources to exploit, or vulnerable supplier networks.
Similar to hackers getting around MFA vulnerabilities of cybersecurity tools will happen, but the underlying mechanisms are still better than not using them in the first place. Password managers result in better end-user password security, but they are also significant targets for attackers. LastPass goes to great lengths to ensure even their employees cannot access personal passwords.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.