An intrusion has been detected in the application development environment LastPass. A disturbing revelation for this password manager freemium.
A security was bypassed in a cybercrime action two weeks ago now. The information was relayed on August 25 by its CEO Karim Toubba in a press release on the application’s official website.
User data stays safe
As confirmed by this report, cybercriminals would not have succeeded in stealing user data present on the software. Fortunately, because for some, all of their passwords are stored there.
This attack, which occurred two weeks earlier, was spotted as a result of “suspicious activity” in parts of the development environment. For now, it seems that the kidnappers have only recovered parts of the source code and some technical information.
The objective of the hackers: to get their hands on the “Master Password”, the password of the LastPass account, which then gives access to all the identifiers stored in the safe. Uncompromised password in the words of founder Karim Toubba, who states that “ this incident did not compromise your Master Password “.
An attack with little impact for the moment, which prompted LastPass to strengthen its security measures to prevent any further intrusion into its system. Containment and mitigation measures have been taken by the company, while calling on specialists in cybersecurity and forensic expertise.
Valuable data that is the target of hackers
This targeted attack is not without importance, since it underlines the interest of hackers for these password management software. LastPass celebrated its 25 million users in 2020, with the support of nearly 7,000 companies. We understand better the stakes behind this attack.
But LastPass is not the only potential target in the world of password managers, let’s also remember that software like KeePass, 1Password, Dashlane, NordPass, Keeper, Enpass, RoboForm, or even Bitwarden are just as likely to attract the Pirates.
So far, no leaks have been recognized, but the intrusion may scare off some users of this type of platform. Attack that will raise questions: is it wise to put all your eggs in the same basket, even if the latter is deemed impossible to break through?
Sources: Neowin, LastPass
Despite its flaws, the password is still the main key to accessing accounts and protecting sensitive data. It is still necessary to respect a few basic rules which appear as so many constraints. The two main ones are remembering and managing unique passwords. With a password manager, it’s no longer a headache. The offer is now very wide, here is our selection (updated July 2022).
Read more
3