In this photo illustration, the LastPass logo is reflected on the internal discs of a hard drive in 2017 in London. On Wednesday, the password service reported"unusual activity" within a third-party cloud storage service but said that customers' passwords remain safely encrypted.In this photo illustration, the LastPass logo is reflected on the internal discs of a hard drive in 2017 in London.
"We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement," Toubba wrote in a statement.An unauthorized party gained access to parts of the LastPass development environment during a four-day period in August. There was no evidence of access to customer data, Toubba wrote after this first breach, noting that the development environment does not contain any customer data.
Three months later, the same party used the information it gained in August to access"certain elements" of customers' information, Toubba said."We are working diligently to understand the scope of the incident and identify what specific information has been accessed," Toubba said."In the meantime, we can confirm that LastPass products and services remain fully functional.
Still, the company recommended that its users"follow our best practices around setup and configuration,"
This is why companies should stop having ridiculous password requirements that no one can remember.
HardPass
D'Oh!
They’re a huge target being honest about the outcomes of constant attacks, and the passwords stayed encrypted. I’m impressed
as long as it’s not a colonel password manager, we gucci
Madness
And we keep being told that post it notes are not secure. 🤣
No one can hack a paper list of passwords. Analogue for me.
Really?
BitWarden is better btw.