Cloud-based password management service lastpass Troubled days never pass for him. The platform provides information about the cyber attacks that occurred last year. investigation made a new statement. Accordingly, the event is more serious and more serious than expected. hackers In order to capture user data, he resorted to methods that almost gave up. Here are the details!
Last minute hack description from Lastpass
Password storage platforms are often preferred because they make it very easy to log in to sites and applications that require membership. LastPass, one of these platforms, has come to the fore with hacking incidents many times in the past year. User data Zero Knowledge (Zero Knowledge) architecture, the platform shared the new findings obtained within the scope of the investigation. Accordingly, the attacks in question date back to third-party media software on an employee’s home computer.
lastpass In the latest announcement made by hackers, a DevOps engineerIt was stated that the company placed a keylogger in a third-party media application installed on the home computer. In this way, hackers, who captured the master password used by the engineer, gain access to the company’s servers, where customer backups are located. cloudy based Amazon S3 They gained access to a lot of private information, such as vault entries containing the encryption keys needed to unlock their group.
Hackers target Dude: Massive cyber attack
A big cyber attack was carried out on the Friends Association, which was trying to heal the wounds after the Southeast Anatolian earthquake.
The investigation into the cyber attacks that the Lastpass platform has experienced continues at full speed and a new detail emerges every day. Stating that users can continue to use their platform securely, LastPass made the following statement after being hacked last year:
“I would like to inform you of a development that we think is important to us to share with our LastPass business and consumer community.
Two weeks ago, we detected unusual activity in parts of the LastPass development environment. After immediately launching an investigation, we saw no evidence that this incident involved any access to customer data or encrypted password segments.
We’ve determined that an unauthorized party has gained access to parts of the LastPass development environment through a single compromised developer account, and has obtained portions of the source code and some proprietary LastPass technical information. Our products and services are operating normally.
In response to the incident, we implemented containment and mitigation measures. We signed with a leading cybersecurity and forensics firm. As our investigation continues, we have reached a state of containment, implemented additional enhanced security measures, and have found no further evidence of unauthorized activity.
Based on what we have learned and applied, we are evaluating further mitigation techniques to strengthen our environment. Below we have included a short FAQ that we anticipate will be your most pressing questions and concerns. We will keep updating you with the transparency you deserve.
Thank you for your patience, understanding and support”
So what do you think about this subject? Do not forget to share your views with us in the comments section!