Parsing LastPass' Data Breach Notice

by
hubie
from SoylentNews on (#674B2)

upstart writes:

What LastPass said - and hasn't said - about its second data breach this year:

Two weeks ago, the password manager giant LastPass disclosed its systems were compromised for a second time this year.

Back in August, LastPass found that an employee's work account was compromised to gain unauthorized access to the company's development environment, which stores some of LastPass' source code. LastPass CEO Karim Toubba said the hacker's activity was limited and contained, and told customers that there was no action they needed to take.

Fast-forward to the end of November, and LastPass confirmed a second compromise that it said was related to its first. This time around, LastPass wasn't as lucky. The intruder had gained access to customer information.

In a brief blog post, Toubba said information obtained in the August incident was used to access a third-party cloud storage service that LastPass uses to store customer data, as well as customer data for its parent company GoTo, which also owns LogMeIn and GoToMyPC.

But since then, we've heard nothing new from LastPass or GoTo, whose CEO Paddy Srinivasan posted an even vaguer statement saying only that it was investigating the incident, but neglected to specify if its customers were also affected.

[...] Over the years, TechCrunch has reported on countless data breaches and what to look for when companies disclose security incidents. With that, TechCrunch has marked up and annotated LastPass' data breach notice with our analysis of what it means and what LastPass has left out - just as we did with Samsung's still-yet-unresolved breach earlier this year.

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments