Data breach hits LastPass

SecurityWeek reports that LastPass had its source code and some proprietary technical data stolen following a cyberattack on its development environment two weeks ago. Despite the data breach, normal operations continue for LastPass's products and services, according to a statement from LastPass CEO Karim Toubba, which emphasized that the intrusion did not compromise customers' master passwords and encrypted password vault data. "In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity," said Toubba. Toubba added that more security defenses are being mulled for implementation in an effort to mitigate the risk of a similar attack in the future. Prior to the data breach, credential stuffing attacks have been launched to target users of the password management platform.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.