CRN reports that popular desktop-sharing and virtual meeting software provider GoTo and password manager affiliate LastPass had their shared third-party cloud storage service compromised by still undetermined attackers.
Some LastPass customer details were accessed by attackers who were able to hack the cloud storage service using information from an intrusion in August, which involved a breach of the company's developer environment due to a previously compromised developer account, according to LastPass CEO Karim Toubba, who emphasized that no customer passwords have been compromised as they were encrypted with the platform's Zero Knowledge architecture.
Meanwhile, no unauthorized access to customer data was confirmed by GoTo CEO Paddy Srinivasan. Investigation into the incident is underway, with both executives emphasizing that GoTo and LastPass products and services have not been disrupted as a result of the breach.
"We are working diligently to understand the scope of the incident and identify what specific information has been accessed," said Toubba.
Zero-trust controls will not be able to sufficiently protect systems against 50% of cyberattacks, such as social engineering attacks and API-based threats, by 2026, indicating that the technology is not a silver bullet against cyber threats, according to VentureBeat.