lastpass

The miscues of LastPass continues, and this time it doesn’t seem to be their own wrongdoing. The company has warned of a fake official LastPass app that somehow made its way into Apple’s App Store. The fake app named “LassPass Password Manager”, listed under developer Parvati Patel, tries to replicate LastPass's branding and user interface....

In response to evolving cyber threats, LastPass has announced updates to its account security protocols aimed at bolstering customer protection.

Hackers reportedly exploited a vulnerability in the Plex Media Server software on the engineer's computer that was patched about 75 versions ago

The extensive attack targeted one of only four DevOps engineers at LastPass with the credentials required to access the servers that store customer data. 

The stolen information includes account usernames, account passwords (salted and hashed), billing information, and much more

LastPass claims if users follow default settings, it would take millions of years to guess the master password using password-cracking techniques.

The company has confirmed that encrypted vaults containing customers' passwords, secure notes, and form-filled data were stolen in a recent security breach

While the company does not know exactly what data was stolen, it was able to confirm that user passwords and vaults remain encrypted

LastPass maintains the hackers were only able to make away with its source code and "proprietary LastPass technical information."

Unusual login alerts reported by users were caused by "fairly common bot-related activity."

Free users will soon be able to view and manage passwords on one category of devices.

The company cites changes made by Apple in Safari, and says the switchover is happening to "provide the best experience for our customers."