Cybersecurity experts condemn LastPass breach announcement
Cybersecurity experts have denounced LastPass' announcement of a significant breach on its platform, which resulted in hackers obtaining access to users' password vaults in November, as downplaying the severity of the intrusion, reports The Verge.
Security researcher Wladimir Palant said that LastPass has not been transparent in depicting the data breach it experienced in August, which the company said resulted in the theft of "some source code and technical information." While LastPass has treated the August breach as a separate incident, Palant said that the password management platform has only "failed to contain" the incident. LastPass' claim of having a 'zero knowledge' architecture has also been slammed by security researcher Jeremi Gosney as "a bald-faced lie." "I think most people envision their vault as a sort of encrypted database where the entire file is protected, but no, with LastPass, your vault is a plaintext file and only a few select fields are encrypted," said Gosney.