World’s Most Popular Password Manager, With More Than 33 Million Users, Discloses “Security Incident”
LastPass, one of the world’s most popular password managers, has confirmed it has been hacked…err, has had a “security incident”.
Last week the company started notifying its users of a “recent security incident” where an “unauthorized party” gained access to a developer account and accessed parts of its password manager’s source code and “some proprietary LastPass technical information,” according to The Verge.
The company said that some source code was stolen, but that no passwords were taken.
It wrote a letter to its users on Wednesday which stated: “Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”
It continued: “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.”
“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity,” the letter concluded.
In a FAQ attached to the bottom of the letter, the company says that users Master passwords had not been compromised: “This incident did not compromise your Master Password. We never store or have knowledge of your Master Password. We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password.”
The company also said that no data from clients vaults had been taken because the hack happened in the developer environment. The letter wrote: “This incident occurred in our development environment. Our investigation has shown no evidence of any unauthorized access to encrypted vault data. Our zero knowledge model ensures that only the customer has access to decrypt vault data.”
LastPass is used by more than 33 million clients worldwide.
According to the Verge report, the company has explained to its users that they don’t have to do anything specific to respond to the hack. And, as long as this week’s disclosure covered the extent of it, and there’s no additional details about the breach that come out over the next few days, maybe LastPass (and its users) can move forward from the incident…
0 Comments
Latest Hacked Sites
- Shopper+ - 878,290 breached accounts March 11, 2023In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in some cases, genders and dates of birth.
- HDB Financial Services - 1,658,750 breached accounts March 11, 2023In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes and loan information belonging to the customers.
- Eye4Fraud - 16,000,591 breached accounts March 6, 2023In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears […]
- iD Tech - 415,121 breached accounts March 6, 2023In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month. iD Tech did not respond to multiple attempts to […]
- LBB - 39,288 breached accounts March 5, 2023In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to early 2019. LBB advised they believe […]
- GunAuction.com - 565,470 breached accounts March 2, 2023In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected on the hacker's server. The data included over 565k user records with extensive personal data including email, IP and physical addresses, names, phone numbers, genders, years of birth, credit card type and passwords stored in plain […]
- Convex - 150,129 breached accounts February 26, 2023In February 2023, the Russian telecommunications provider Convex was hacked by "Anonymous" who subsequently released 128GB of data publicly, alleging it revealed illegal government surveillance. The leaked data contained 150k unique email, IP and physical addresses, names and phone numbers.
- RealDudesInc - 101,543 breached accounts February 19, 2023In October 2022, the GTA mod menu provider RealDudesInc suffered a data breach that exposed over 100k email addresses (many of which are temporary guest account addresses). The breach also included usernames and bcrypt password hashes.
- Weee - 1,117,405 breached accounts February 8, 2023In February 2023, data belonging to the Asian and Hispanic food delivery service Weee appeared on a popular hacking forum. Dating back to mid-2022, the data included 1.1M unique email addresses from 11M rows of orders containing names, phone numbers and delivery instructions.
- LimeVPN - 23,348 breached accounts February 6, 2023In October 2020, the VPN provider LimeVPN suffered a data breach that exposed the personal information of tens of thousands of customers. The data included email, IP and physical addresses, names, phone numbers, purchase histories and passwords stored as salted MD5 hashes.
NY Times
- Inside the Tent Camp Housing Thousands of Migrant Children – ‘No Place for a Child’
Migrant children and families are sleeping shoulder to shoulder on mats in a Texas border facility designed for 250 people that is now holding more than 4,100, according to some of the first photographs to emerge from the crowded camp that has become a focal point of the Biden administration’s struggles to absorb thousands of […]
- Atl Suspect’s Fixation on Sex Is Familiar Thorn for Evangelicals
“Sex addiction” is not an established psychiatric diagnosis, and there is a debate in the mental health community about how to define and treat compulsive sexual behavior. “There’s no evidence-based treatment for sex addiction,” said Joshua Grubbs, an assistant professor of psychology at Bowling Green State University and a clinical psychologist. Evangelical sex addiction treatment […]
- Tom Cotton Mocks Social Justice Warriors at New York Times in CPAC Speech
Sen. Tom Cotton (R-AR) on Friday mocked “social justice warriors” at the New York Times and their “meltdown” this summer over his op-ed in the paper calling for troops to restore order during the rioting at the time. Speaking on the first day of the Conservative Political Action Committee (CPAC) in Orlando, Florida, Cotton recalled how hundreds […]
- Congress Clears 2-Day Spending Extension to Finalize Stimulus Deal
Negotiators worked into Friday night to put the finishing touches on key details of the stimulus compromise, continuing negotiations on how long unemployment benefits should last, how to distribute federal relief for small businesses and the extension of a federal eviction moratorium. The plan was expected to revive the Paycheck Protection Program, a loan program […]
- SACRAMENTO Unemployment Scam Using Inmates Names Costing California Hundreds of Millions
SACRAMENTO — A rash of fraudulent pandemic unemployment claims filed under the names of jail and prison inmates, including more than 100 on death row, has bilked California out of hundreds of millions of dollars, a law enforcement task force said Tuesday. In a letter to Gov. Gavin Newsom, the task force, led by district […]
- Politics, Science and the Remarkable Race for a Corona Vaccine
WASHINGTON — The call was tense, the message discouraging. Moncef Slaoui, the head of the Trump administration’s effort to quickly produce a vaccine for the coronavirus, was on the phone at 6 p.m. on Aug. 25 to tell the upstart biotech firm Moderna that it had to slow the final stage of testing its vaccine […]
- Newsom Do as I Say, Not as I Dine Coronavirus Message
SAN FRANCISCO — It was an intimate meal in a wood-paneled, private dining room in one of California’s most exclusive restaurants. No one around the table wore masks, not the lobbyists, not even the governor. [Sign up for California Today, our daily newsletter from the Golden State.] Photos that surfaced this week of a dinner […]
Washington Post
- Donald Trump Shreds ‘Fake News Media’ in Series of Videos: ‘Not Reporting with Credibility Has Its Consequences’
Former President Donald Trump shredded the New York Times, the Washington Post, CNN, and MSNBC as “fake news media” in a series of videos shared to his Truth Social account and his campaign’s war room Twitter account on Wednesday. “The fake news media like CNN, MSDNC – which is sometimes referred to as MSNBC –the […]
- Media Ignore Physical Attack on Republican Gen. Don Bolduc
The establishment media have ignored the physical attack against Republican New Hampshire candidate Gen. Don Bolduc. The three top establishment newspapers, the New York Times, Washington Post, and Los Angeles Times, all failed to report the physical attack on Gen. Bolduc that occurred moments before Wednesday’s debate with Democrat Maggie Hassan (D-NH). The media’s decision […]
- Sex Offender Thanks Ketanji Brown Jackson for Three-Month Prison Sentence: ‘She Knew This Was Going to Hold Me Back … So She Didn’t Really Want to Add on to That’
The registered sex offender who was given three months in prison by Judge Ketanji Brown Jackson, nominated for the Supreme Court by President Joe Biden, is speaking out and seemingly thanking the judge for her lenient sentence in his case. In 2013, Jackson sentenced then-19-year-old Wesley Hawkins to three months in prison, three months of […]
- 15 Media Personalities Claimed Hunter’s Laptop Emails Were Likely Russian Propaganda Before New York Times Admitted
Fifteen establishment media personalities claimed Hunter Biden’s laptop emails were likely Russian propaganda before the New York Times admitted it Wednesday. After nearly two years of dismissing Hunter’s tantalizing emails uncovered before the 2020 presidential election, the Times admitted the laptop was authentic, in direct contradiction of many in the Democrat-allied media. The media personalities seemingly went […]
- Covington Teen Nicholas Sandmann Settles $275 Million Defamation Lawsuit with NBC
Covington Catholic High School student Nicholas Sandmann announced Friday that he settled a $275 million defamation lawsuit against NBC. Neither party publicized the terms of the settlement. However, Sandmann asked for $275 million in damages in his lawsuit against NBC Universal and MSNBC. “At this time I would like to release that NBC and I […]
- Washington Post Columnist Calls on CNN to Correct Its Dossier Reporting — After WaPo Corrects Its Own
A Washington Post columnist criticized CNN for not correcting its reporting that the dossier put together by Fusion GPS and ex-British spy Christopher Steele — which claimed the Trump campaign was colluding with Russia — was “corroborated.” The paper’s media critic, Erik Wemple, wrote Friday that CNN hosts and reporters had long-claimed the Steele dossier had […]
- Washington Post ‘Forced to Admit They Lied’ After Pretending ‘F*ck Joe Biden’ Chant Was ‘Let’s Go, Brandon’
The Washington Post, the leftist legacy media outlet whose motto is “Democracy Dies in Darkness,” admitted to publishing fake news about the public’s discontent with floundering President Joe Biden. During a September speech by Donald Trump Jr. in Georgia, the crowd broke into a “F*ck Joe Biden” chant at the prompting of the former president’s […]
