{"id":458079,"date":"2022-08-26T07:46:00","date_gmt":"2022-08-26T05:46:00","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=458079"},"modified":"2022-08-26T07:51:55","modified_gmt":"2022-08-26T05:51:55","slug":"worlds-biggest-password-manager-hacked","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/458079-worlds-biggest-password-manager-hacked.html","title":{"rendered":"World&#8217;s biggest password manager hacked"},"content":{"rendered":"<p>LastPass, a password manager used by more than 33 million people around the world, said a hacker recently stole source code and proprietary information after breaking into its systems.<\/p>\n<p>The company doesn\u2019t believe any passwords were taken as part of the breach and users shouldn\u2019t have to take action to secure their accounts, according to\u00a0<strong><a href=\"https:\/\/blog.lastpass.com\/2022\/08\/notice-of-recent-security-incident\/\" target=\"_blank\" rel=\"noopener noreferrer\">a blog post<\/a><\/strong>\u00a0on Thursday.<\/p>\n<p>An investigation determined that an \u201cunauthorised party\u201d cracked into its developer environment, which is the software that employees use to build and maintain LastPass\u2019s product.<\/p>\n<p>The perpetrators were able to gain access through a single compromised developer\u2019s account, the company said.<\/p>\n<div class=\"news-social-embedded\" data-social-media-type=\"twitter\" data-original-url=\"http:\/\/twitter.com\/LastPass\/statuses\/1562864726840725504\">\n<blockquote class=\"twitter-tweet\" data-dnt=\"true\">\n<p dir=\"ltr\" lang=\"en\">We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info:\u00a0<a href=\"https:\/\/t.co\/cV8atRsv6d\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/t.co\/cV8atRsv6d<\/a>\u00a0<a href=\"https:\/\/t.co\/HtPLvK0uEC\" target=\"_blank\" rel=\"noopener noreferrer\">pic.twitter.com\/HtPLvK0uEC<\/a><\/p>\n<p>\u2014 LastPass (@LastPass)\u00a0<a href=\"https:\/\/twitter.com\/LastPass\/status\/1562864726840725504?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener noreferrer\">August 25, 2022<\/a><\/p><\/blockquote>\n<\/div>\n<p>The attack struck a company that generates and stores hard-to-crack, auto-generated passwords for multiple accounts, like Netflix or Gmail, on behalf of its users \u2014 without the need to manually enter credentials.<\/p>\n<p>LastPass lists Patagonia, Yelp Inc. and State Farm as customers on its website.<\/p>\n<p>Cybersecurity website Bleeping Computer\u00a0<strong><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lastpass-developer-systems-hacked-to-steal-source-code\/\" target=\"_blank\" rel=\"noopener noreferrer\">reported<\/a><\/strong>\u00a0that it had asked LastPass about the breach two weeks ago.<\/p>\n<p>Allan Liska, an analyst on the Computer Security Incident Response Team at cybersecurity company Recorded Future, said he was impressed with the \u201cspeedy notification\u201d from LastPass.<\/p>\n<p>\u201cWhile two weeks might seem like a long time to some, it can take a while for incident response teams to fully assess and report on a situation,\u201d he said. \u201cIt will take time to fully determine the extent of any damage that may have been as result of the breach. However, for now it appears to not be client-impacting.\u201d<\/p>\n<p>LastPass didn\u2019t immediately respond to a request for further comment.<\/p>\n<p>There was speculation on social media that hackers may be able to access the keys to password vaults after stealing source code and proprietary information.<\/p>\n<p>\u201cIt is unlikely that the stolen source code will give the criminals access to customer passwords,\u201d Liska said.<\/p>\n<h3 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/security\/457927-plex-hacked-usernames-and-hashed-passwords-compromised.html\" rel=\"bookmark\">Plex hacked \u2014 usernames and hashed passwords compromised<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>LastPass, a password manager used by more than 33 million people around the world, said a hacker recently stole source code and proprietary information after breaking into its systems.<\/p>\n","protected":false},"author":341034,"featured_media":458081,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[26872,461,31054,22994],"class_list":["post-458079","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-data-breach","tag-hacking","tag-lastpass","tag-password-managers"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/458079"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341034"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=458079"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/458079\/revisions"}],"predecessor-version":[{"id":458083,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/458079\/revisions\/458083"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/458081"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=458079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=458079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=458079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}