LastPass' announcement of a significant breach on its platform that resulted in hackers obtaining access to users' password vaults in November has been denounced by cybersecurity experts to downplay the severity of the intrusion, reports The Verge.
Security researcher Wladimir Palant said that LastPass has not been transparent in depicting the data breach it experienced in August, which the company noted to have resulted in the theft of "some source code and technical information." While LastPass has regarded the August breach as a separate incident, Palant said that the password management platform has only "failed to contain" the incident. LastPass' claim of having a 'zero knowledge' architecture has also been slammed by security researcher Jeremi Gosney to be "a bald-faced lie." "I think most people envision their vault as a sort of encrypted database where the entire file is protected, but no with LastPass, your vault is a plaintext file and only a few select fields are encrypted," said Gosney.
SiliconAngle reports that nearly 10 million customers of U.K. retailer JD Sports Fashion had their data stolen after a hack of its systems, impacting its JD, Blacks, Millets, MilletSport, Size?, and Scotts brands.