No customer data appears to have been accessed in this initial incident, Toubba wrote.
What they're saying: "The length of the investigation left us with difficult trade-offs to make in that regard," Toubba wrote in the post. The advisory with these new details wasn't widely shared and included an HTML code to prevent the post from appearing in search engines.The advisory also disclosed that attackers in the second reported incident had access to LastPass' cloud storage between August and October.A few days before Christmas, the company disclosed there was actually a second breach that piggybacked off the access hackers got from the first incident that resulted in sensitive user information being hacked.ĭriving the news: This week, the company shared in a difficult-to-find security advisory that attackers initially gained access to LastPass' systems by targeting a key employee's home computer.Initially, the company told users in August that the initial data breach was limited to LastPass' development environment and didn't affect customer data."I accept the criticism and take full responsibility."Ĭatch up quick: In the last six months, LastPass has gone back on how serious its recent cybersecurity incidents have actually been. "I acknowledge our customers’ frustration with our inability to communicate more immediately, more clearly, and more comprehensively throughout this event," Toubba wrote.A data breach is high-stakes for any password manager considering they store a user's login information across various online accounts in one place.The big picture: LastPass, a password manager with roughly 30 million users, has been called out by customers for sharing limited information about two cyber incidents that happened in August. LastPass CEO Karim Toubba said in a blog post Wednesday he takes full responsibility for his company's communications failures about recent cybersecurity incidents.
0 kommentar(er)
