Register now for better personalized quote!

LastPass was hacked -- again

Aug, 29, 2022 Hi-network.com

LastPass, the popular password management service, recently announced that it was hacked. Specifically, LastPass's CEO Karim Toubba wrote that an "unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information."

This isn't the first time LastPass has had security problems. In 2021, it appeared that some users' LastPass Master Passwords may have been revealed. LastPass replied that it hadn't been breached, but users who had gotten emails warning them that an unknown person was trying to log into their accounts weren't convinced. Nevertheless, LastPass insisted that it was just the result of a credential stuffing attack. 

Also: Want to ditch LastPass? Here are the best alternatives to try

Recommends

The best password manager: Business and personal use

Everyone needs a password manager. If you're willing to pay a monthly or annual fee, these options are worth it.

Read now

In 2020, LastPass had a major outage, and users reported they couldn't log into their accounts or autofill passwords. In 2019, a significant LastPass security problem was uncovered by security researchers as well.

None of these problems alone are that bad. Yes, it's awful that one developer's account was hacked, but it happens. 

That said, it's still concerning that the biggest password security company -- with a claimed 20 million customers -- has significant, annual security problems.

True, as Toubba claimed, with this week's hack, "We have seen no evidence that this incident involved any access to customer data or encrypted password vaults." But with proprietary source code and technical secrets revealed, the possibility of an attack that could reveal users' passwords is certainly there.

This is yet another example of how proprietary code is less secure than open-source code. With open-source password programs, such as Bitwarden, all the code is checked by independent experts. This ensures potential security weaknesses can be spotted before they become security holes. 

In this case, however, LastPass has "engaged a leading cybersecurity and forensics firm" to investigate what happened. LastPass is also implementing enhanced security measures. They've seen "no further evidence of unauthorized activity." 

From where I sit, this is too little, too late. But it's still something. 

LastPass, with its zero-knowledge model, is still a good password security company. But if you want to look for another password manager, no one would blame you.

Related Stories:

  • LastPass password manager fine-tunes its multi-factor authentication options
  • Leaving LastPass? Here's how to get your passwords out

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Hot Tags : Tech Security

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.