Tech

New “security incident” in LastPass puts users on alert

LastPass is possibly the most popular password service in the world, a pioneering manager in its category that in a few years now, has not been going through its best moment. The growing and better competition is compounded by continued security breaches, of which it seems that it has just suffered a new one.

This is confirmed by the CEO of LastPass in an alert note in which he acknowledges that they have detected an unusual activity in a cloud storage shared with partners, they have reported it to the authorities and an auditing firm and are waiting for the investigation to conclude to learn more and communicate it to their users.

Namely, they have seen something strange, but still do not know the extent of the problem, if there was. And everything points to yes, according to the message and recent events around the password service. In fact, they remember the last security incident they suffered, since it is very likely that whatever happened now, is based on it.

Namely, LastPass disclosed a security breach last August.a cyberattack that resulted in the theft of a large amount of data, both their own and that of their clients, although as they always strive to emphasize, the users’ master passwords are kept encrypted on the client side, so they never handle this information.

Forgot password, lost bitcoins?

The incident, however, was even more serious than it seemed at first, as the attackers even stole source code owned by LastPass, although as the service pointed out then, the development environment is kept separate from customer data. … but not of their employees, the loophole through which they slipped then and through which they could have slipped now.

Thus, they have a suspicion in LastPass that, using the data stolen the previous occasion, they have now used it to carry out it is not clear what, but nothing good… although not potentially very harmful, except for the reputation of the company. They will say what happened when the ongoing investigation is over. The problem is that behind one goes another and there are already a few.

It’s hard to say, because using a password manager is always recommended, but it’s almost worth using the one that comes with browsers, because for practical purposes it’s the same or more secure than what LastPass is proving to be. Also alternative services such as Bitwarden, although they are likely to suffer the same fate. Yes, browsers too, but between Mozilla, Google or LastPass…

Related Articles