Breach, Incident Response

Cybersecurity experts condemn LastPass breach announcement

LastPass' announcement of a significant breach on its platform that resulted in hackers obtaining access to users' password vaults in November has been denounced by cybersecurity experts for downplaying the severity of the intrusion, reports The Verge. Security researcher Wladimir Palant said that LastPass has not been transparent in depicting the data breach it experienced in August, which the company said resulted in the theft of "some source code and technical information." While LastPass has treated the August breach as a separate incident, Palant said that the password management platform simply "failed to contain" that incident. LastPass' claim of having a 'zero knowledge' architecture has also been slammed by security researcher Jeremi Gosney as "a bald-faced lie." "I think most people envision their vault as a sort of encrypted database where the entire file is protected, but no, with LastPass, your vault is a plaintext file and only a few select fields are encrypted," said Gosney.
