It also reinforces the need to educate clients how breaches happen, and sometimes you're just along for the ride so be as prepared as you can with proper policies and procedures. The breach appears to have been of the development servers, facilitated by a compromise of a LastPass developer account and took place two weeks ago. exposed in a data breach can be used to hijack multiple online accounts. The company said at the time that the personal information of multiple employees was eventually compromised in the attack. In the comments on Reddit someone linked to a podcast where they broke down. I'm not making excuses for the dev or for LastPass, clearly there were things that needed to be put in place to keep things more secure, however, given what is known of the attack, to what level do they need to secure themselves against a very formidable opponent?Īt a bare minimum, I feel it highlights weaknesses in vendors and the supply chain (again) as well as the need to continue addressing cyber security issues for companies large and small. In September last year, American Airlines disclosed a data breach after the email account of an employee was used in phishing attacks. After using LastPass for years, this breach led me to do something I should. But I don't want us to jump on and pitchforks and torches bandwagon when things are very clear in hindsight. Do I think there is still more to come? Almost certainly. slightly related, it just boggles my mind how the usa provides everyone with a ss number.
This was absolutely a failure in internal security policy and enforcement that allowed this to happen. ago If it wasnt Plex and this guy it would have been a different vuln in someone elses house.
#LASTPASS BREACH REDDIT UPDATE#
I feel as though the adversary here isn't your run of the mill malware operator or ransomware gang mainly because of the level of persistence (both of these attacks tied together) and sophistication (outlined previously).ĭo I think LastPass has handled this whole thing poorly? Absolutely. Lastpass says hackers accessed customer data in new breach bleepingcomputer This thread is archived New comments cannot be posted and votes cannot be cast 150 73 comments LogMeIn Is that what happened to quality so much for a sense of security. LastPass breach couldve been stopped with a 3-year-old Plex update androidpolice 1.3K 177 Technology 177 comments Best Add a Comment fubes2000 4 mo. But if it wasn't that Sr Dev, perhaps it would be another with some other style of attack. I'd like to think just having MFA on the vault may have made this entire attack improbable.
Upfront, wanting to make sure its clear I'm not defending anyone here:
0 kommentar(er)
