
Risk & Repeat: Breaking down the LastPass breach


This podcast episode discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager.

Password management company LastPass recently disclosed a breach in which a threat actor stole customer data, including encrypted website login info, unencrypted website URLs and personal information.

LastPass disclosed the breach in a December update to a blog post about a separate but related breach that occurred in August. LastPass CEO Karim Toubba wrote that a threat actor used stolen technical data from the August breach to target a LastPass employee and steal encryption keys. The keys included dual storage container decryption keys and a cloud storage access key, which were used to steal customer information from backups.

The customer data included company and end-user names, billing and email addresses, telephone numbers and IP addresses used by customers to access their LastPass accounts. Stolen data also included encrypted website usernames and passwords, plus unencrypted website URLs.

The breach has been met with a wave of criticism from competitors and professionals in the security space. Competitor 1Password published a blog post disagreeing with LastPass' claim that it would take "millions of years" to crack a master password. Meanwhile, John Scott-Railton, senior researcher with Citizen Lab at the University of Toronto, tweeted that the unencrypted website URLs could contain user account tokens and credential data.

In this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss the fallout of the latest LastPass breach.

Subscribe to Risk & Repeat on Apple Podcasts.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
