Instead, it was a threat actor who exploited a vulnerability in third-party software which allowed them to bypass protections to access non-production development and backup storage. Toubba said that neither occurrence was the result of a product defect or unauthorized access to or abuse of their production systems. Last fall there were two cybersecurity incidents impacting customers. “In sharing these additional details today, and in our approach going forward, we are determined to do right by our customers and communicate more effectively,” added the CEO. The length of the investigation left us with difficult trade-offs to make in that regard, but we understand and regret the frustration that our initial communications caused for both the businesses and consumers who rely on our products,” Toubba said in a Mablog post. “We have heard and taken seriously the feedback that we should have communicated more frequently and comprehensively throughout this process. In the update, the CEO noted the company serves millions of customers and more than 100,000 businesses. The CEO said they have not seen any threat-actor activity to the password vault platform since October 26. Toubba provided a detailed update on what happened, how it impacted LastPass users, and the actions the company has taken to prevent cybersecurity breaches in the future. Earlier this month, Karim Toubba, CEO of LastPass, released the results of their investigation into two security incidents that occurred last fall.
0 kommentar(er)
