
“Secondary breaches, and the use of harvested credentials purchased through Initial Access Brokers (as in, for example, the recent Uber breach), are on the rise and should be taken into account by defenders,” said Ellis.

“Users of LastPass are encouraged to change their master passwords, as well as any 2FA keys they may have saved in their database, and then, ideally, work back and rotate passwords beginning with the most important services, such as email, banking account, code repos, and company passwords.”

Ellis added that while attribution to the same or a different threat actor isn't part of the notification, it struck him as noteworthy that LastPass drew attention to the use of information from the August 2022 incident in this one.

“This is certainly a worrying hack,” said Casey Ellis, founder and CTO at Bugcrowd.

Password manager company LastPass gave an update on its security incident from August, which prompted security researchers to tell admins that they really need to take steps to protect their environments.

The logo for online password manager service LastPass is reflected on the internal discs of a hard drive.
