![]() What does all of this mean for LastPass subscribers? Also, in response to the breach, LastPass "prioritized and initiated significant investments in security, privacy and operational best practices" and "performed a comprehensive review of our security policies and incorporated changes to restrict access and privilege, where appropriate," according to the blog post. The company has completed its investigation into the data breach and said that it hasn't detected any unauthorized activity since October, according to the blog post. ![]() In the blog post, LastPass also offered its own recommendations on what business customers as well as individual customers should do to protect their data. On March 1, 2023, Toubba published a new blog post offering customers a lengthy update on where the situation stands, what data was accessed and what steps LastPass has taken to shore up its security. Toubba suggested that those users should consider changing the passwords of the websites they have stored. However, Toubba warned that those who don't have LastPass's default settings enabled and don't follow the password manager's best practices are at greater risk of having their master passwords cracked. Still, Toubba assured customers who follow LastPass's best practices for passwords and have the latest default settings enabled that no further action on their part is recommended at this time since their "sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass' Zero Knowledge architecture." It was then that the full severity of the situation finally came to light and the public found out that LastPass customers' personal data was in the hands of a threat actor and all of their passwords were at serious risk of being exposed. 22, Toubba issued a lengthy update to the blog post outlining the unnerving details regarding precisely what customer data the hackers were able to access in the breach. 30, Toubba updated the blog post once again to alert customers that the company "determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information." However, it turned out that the unauthorized party was indeed ultimately able to access customer data. Toubba assured customers at the time that their passwords and personal data were safe in LastPass's care. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults." "There is no evidence of any threat actor activity beyond the established timeline. During this timeframe, the LastPass security team detected the threat actor's activity and then contained the incident," Toubba said. "Our investigation revealed that the threat actor's activity was limited to a four-day period in August 2022. 15, Toubba updated the blog post to notify customers that the company's investigation into the incident had concluded. In August 2022, LastPass published a blog post written by Toubba saying that the company "determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information."Īt the time, Toubba said that the threat was contained after LastPass "engaged a leading cybersecurity and forensics firm" and implemented "enhanced security measures." But that blog post would be updated several times over the following months as the scope of the breach gradually widened. It even offers a Windows client, too, with support for Chrome and Edge browsers. iCloud Keychain is secure and easy to set up and use across all of your Apple devices. iCloud Keychain: Apple's built-in password manager for iOS, iPadOS and MacOS devices is an excellent LastPass alternative available to Apple users at no additional cost.It's also a breeze to use across all platforms. It has an excellent free tier and a wealth of top-notch premium features at a budget-friendly price. NordPass: A newer password manager developed by the folks behind NordVPN.1Password doesn't offer a free tier, but you can try it for free for 14 days. 1Password: Another excellent password manager that works seamlessly across platforms.Bitwarden's free tier allows you to use the password manager across an unlimited number of devices across device types. Bitwarden: CNET's top password manager is a highly secure and open-source LastPass alternative.
0 Comments
Leave a Reply. |