LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users - here's how the incident unfolded
Briefly

"LastPass failed customers and fell short on expectations that the company would employ robust measures to protect personal data. Password managers are a safe and effective tool for businesses and the public to manage their numerous login details and we continue to encourage their use," he said. "However, as is clear from this incident, businesses offering these services should ensure that system access and use is restricted to ensure risks of attack are significantly reduced,"
"In the first incident, a hacker compromised an employee's corporate laptop and gained access to the company's development environment. While no personal information was taken, encrypted company credentials were - which, if decrypted, would allow access to the company's backup database. LastPass took steps to mitigate the hacker's activity, but thought the encryption keys were safe, as they were stored in the account vaults of four senior employees, outside the area accessed by the hacker."
The Information Commissioner's Office fined LastPass £1.2 million for failing to implement sufficiently robust technical and security measures after two linked incidents in August 2022 put over 1.6 million customers at risk. A hacker compromised an employee's corporate laptop and accessed the company's development environment, removing encrypted company credentials that could, if decrypted, grant access to backup databases. LastPass took mitigation steps and believed encryption keys were secure because they were stored in four senior employees' account vaults outside the compromised area. The commissioner emphasized that password manager providers must restrict system access to reduce attack risks.
Read at www.itpro.com