The business has acknowledged that popular password management tool LastPass has been compromised.
The company informed subscribers through email of what had happened and assured them that their passwords and other sensitive information were protected despite the attack.
The threat actor was able to access "portions of the LastPass development environment," according to the email, which was signed by the company's CEO, Karim Toubba. The email also stated that "our products and services are running normally."
Unusual behaviour
Toubba omitted information about the developer's account loss, including whether they had fallen victim to phishing or had infected one of the business's endpoints with malware.
The business began an investigation after initially noticing "strange activity" and discovered "no evidence that this incident involved any access to client data or encrypted password vaults." Nevertheless, LastPass implemented containment and mitigation strategies and hired a "top cybersecurity and forensics firm" to conduct additional research into what transpired.
The release states, "While our investigation is ongoing, we have established a state of containment, deployed additional heightened security measures, and see no further signs of illegal activity." "Based on what we have discovered and put into practise, we are considering more mitigation strategies to improve our environment."
All master passwords, vault data, and personal data are secure. LastPass reiterated, adding that there is currently no need for users to take any action or make any changes.
One of the most widely used password managers in the world, LastPass, boasted more than 25 million users two years ago.
Users can establish secure passwords and save them with the use of password managers. Users can also update their passwords using them.
periodically and are an excellent way to keep all passwords distinct, secure, and consistently updated, both for business passwords(opens in new tab) and at home, according to cybersecurity experts worldwide.
The top tools for preventing identity theft are listed below (opens in new tab).