Recent Posts

Reassurance from CEO about the Breach at LastPass

Reassurance from CEO about the Breach at LastPass

Lastpass, the password manager application, had reported that it found a security breach back in August. The perpetrator had supposedly stayed in the network for only 4 days and had access only to the development environment and not to the customer data or the password vaults. The threat actor had gained access to the development environment through one of the developer’s endpoint by impersonating as the developer. LastPass has hired Mandiant to conduct the necessary forensics to identify the extent of the breach, methods to contain it and further steps to avoid such a mishap in the future.


Karim Toubba, LastPass’s CEO, went on to explain why the believe that the hacker did not have access to anything beyond the developer environment in his letter,

Since the hacker had access to the development environment, it raises the question of whether any kind of code-poisoning or malicious code injection might have happened. Karim Toubba goes on to explain that the process of production release on a high level by assuring that the developers do not have access to make production updates and that the code undergo rigorous code review, testing and validation before it is moved into production.

    

    LastPass appear to be following some of the best practices in information security to protect its users and their data, while instilling the confidence in all to trust in its product and services. 

Sisyphus Raja
No Comments

Sorry, the comment form is closed at this time.