LastPass had to report a data leak back in August. Now there has been another successful hack, with source code and technical information being stolen through unauthorized access to third-party cloud storage. A comment from Chris Vaughan, VP Technical Account Management, EMEA at Tanium.
“The recent LastPass hack is more serious than the previous incident because this time customer information was accessed, which was not the case before. The attackers were able to gain access to the system by using the data disclosed in the previous incident to gain access to the LastPass IT environment.”
Hack: LastPass placates customers
“The company says the passwords remain securely encrypted and that it is working to understand the scope of the incident to determine exactly what data was stolen. It can be assumed that the IT security team is working around the clock on this case and that their visibility of the network and the devices connected to it will be severely tested. Most organizations do not have the full visibility that is imperative to process the incident, from attack vector to damage analysis.”
Password managers are a popular target
“Password managers are an elusive but attractive target for cybercriminals because, if breached, they can instantly open a treasure trove of access to accounts and sensitive customer data. However, I believe that the benefits of a secure password management solution far outweigh the risks of an incident. Combined with the other security recommendations, this is still one of the best solutions to prevent credential theft and related attacks. We can only hope that customer confidence has not been shaken too badly by these recent attacks.”
Customers should keep an eye on the news
“LastPass customers should continue to check the website and official communications for new leads. As the vulnerability spreads, users should reconsider their security practices. That could mean proactively changing their passwords or temporarily using a different password manager. Users should also use multi-factor authentication for the password management solution as it provides an extra layer of security in the event of a security breach,” says Chris Vaughan, VP Technical Account Management, EMEA at Tanium.
About Tanium
Tanium, the industry's only Converged Endpoint Management (XEM) provider, is leading the paradigm shift in traditional approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, compliance, security, and risk into a single platform.