The LastPass password management platform disclosed it was targeted by a cyberattack two weeks ago. Portions of the company’s source code and proprietary technical information were stolen, Bleeping Computer reported.

“Two weeks ago, we detected some unusual activity within portions of the LastPass development environment.”

After rumors of the attack surfaced, LastPass confirmed it yesterday in a security advisory, adding that threat actors used a compromised developer account to break into the company’s developer environment. While the perpetrators ran off with critical data, including parts of the company’s source code and “proprietary LastPass information,” the company says that encrypted password vaults and customer data show no indicators of compromise. The company left out some critical information, including what portions of the source code were stolen and how the attack took place.

“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm,” reads the security advisory. “While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.”

Last year, several LastPass users fell victim to suspected credential stuffing attacks and were notified by the platform that someone tried logging into their accounts using their master passwords. The platform automatically blocked the attempts that came from unrecognized locations or devices.

In credential stuffing attacks, perpetrators brute-force accounts using passwords leaked in data breaches. To mitigate password cracking attacks such as credential stuffing, users should avoid using the same password for multiple accounts and enable multi-factor authentication (MFA) whenever possible.