in August The hackers got into the development environment of the Lastpass password manager, via one of the developers’ computers. Among other things, they came across the source code, but since the development environment is not connected to the production environment, they were unable to access any stored passwords or customer data. Loadpass thought.
Now the company reports on a file A new security incident. It turns out that the hackers in the previous incident came across data that they could in turn use to break into the cloud storage service Lastpass shares with Goto (both subsidiaries of Logmein).
Once in the cloud storage, the hackers gained access to “certain customer information”. Exactly what information and how many customers you’re interested in is something Lastpass is still working on determining. The company has hired security firm Mandiant to investigate.
The company notes that user vaults and master passwords are secure because Lastpass uses a “zero-knowledge architecture” — the master password is in no way sent to the server without decryption occurring on the device. But what may have been leaked are things like names, email addresses, home addresses, and phone numbers. Lastpass promises to report as soon as the company says what the hackers got.
More Stories
EA President Talks New Dragon Age: 'A Return to What Made Bioware Great'
She thought she had bought a phone – she was shocked by its contents
Rumor: Lots of AI in Google's Pixel 10 and 11 cameras