In August of this year, LastPass, one of the password managers most popular in the world with more than 33 million users, announced that it was the victim of an attack by cyber criminalswho had access and stole the information of its source code, as well as technical information owned by the company.
After several weeks, the company updated the information about the attack and announced that, although the cyber criminals they had access to their systemthis was only limited to the development environment, so user data was not affected by this security breach.
In a statement issued by the company’s CEO, Karim Toubba, it was indicated that the attack lasted four days in August. In addition, it was assured that “there is no evidence that the threat has continued beyond that period of time. We can also confirm that there is no evidence that this incident involved access to any type of user information”.
According to the manager, the cybercriminals had access to the LastPass development environment because one of the people working in that environment saw their security compromised and that the attackers impersonated one of the employees after he had authenticated his identity.
In response to this, Toubba informed LastPass customers and users that the source code of the website to make sure no malicious code was introduced and that LastPass was able to team up with a cyber security to strengthen the security of your systems.
Secondly, LastPass stated that they have improved Security controls and monitoring, in addition to technologies used for development and productivity teams.
“We recognize that security incidents of any kind are uncomfortable, but we want to ensure that personal information and passwords are safe in our case,” says the company manager.
Recommendations to have a good password
The security of the access codes to accounts or profiles in websites they can contain sensitive information is very important, so people should take into account a series of recommendations to ensure that their passwords they are safe to avoid being victims of cyberattacks.
In principle, each password must be unique for each account or profile, whether in social networks, emails. This ensures that if a cybercriminal manages to access an account using that password, they will not be able to use the same password to access another service.
Also, for security reasons, it is recommended change password regularly. This makes it less likely that a password will be used to access an account without permission.
In the case of companies or organizations, it is important create a safety culture that involves an investment in an adequate security system and that the passwords of the workers’ users are constantly updated to prevent a cyberattack on one person from harming the entire company.
To increase the security of an account, it is possible to activate the two-step authentication, so that the user can prevent unwanted access to a profile remotely. This may involve the use of a question, a biometric registration, or a dynamic key that is sent to a personal device.