On December 23, 2022, a tweet by SwiftOnSecurity brought attention to a security breach at LastPass, a leading provider of password encryption and authentication services.
LastPass attackers now know all websites you have passwords stored for and the blobs, encrypted only by your master password https://t.co/Wdbt6mWe8C https://t.co/HldcJ8DYkK
— SwiftOnSecurity (@SwiftOnSecurity) December 22, 2022
According to the tweet, LastPass had a data breach, making users’ passwords, names, billing addresses, and browsing data accessible to hackers. The breach gave the hacker access to a backup of customers’ data containing both unencrypted and fully encrypted data. The incident shows that the importance of password security cannot be overstated, as weak or reused passwords are one of the main ways that hackers gain access to accounts.
Subsequently, another password manager, Okta, also had a data breach in which the hacker accessed and downloaded the source code for Okta’s software from the company’s GitHub repositories.
Users of both LastPass and Okta, as well as those who rely on other password encryption providers, have expressed concern in light of this news because it shows how susceptible such systems are to cyberattacks.
According to a report by BleepingComputer, the hack of Okta’s GitHub repositories was carried out using a technique known as a “supply chain attack.” In this type of attack, the hacker targets a company’s software development process rather than its end users.
By infiltrating a company’s development infrastructure, the hacker can gain access to sensitive information such as source code, as well as the tools and processes used to build the software. This allows the hacker to gain access to a company’s systems at an early stage before any security measures have been put in place to protect against such threats.
It is unknown whether the breaches at LastPass and Okta were carried out by the same hacker, and what motivated the attacks remains a mystery at this time. The fact that the attackers were able to access the companies’ development infrastructure, however, raises some red flags.
Both organisations have released statements acknowledging the security breach and assuring users that their data is safe. The companies have also stated that the hacker did not gain access to any sensitive customer data and that their products and services remain secure.
Despite this assurance, it is important for users, especially cryptocurrency holders, to remain vigilant and take appropriate precautions to protect their data and prevent the loss of their hard-earned funds.
In the wake of the LastPass and Okta hacks, it is important for cryptocurrency holders to be aware of the risks posed by cyberattacks and to take steps to protect themselves. By staying vigilant and taking appropriate precautions, it is possible to mitigate the risks and keep sensitive data safe from cybercriminals.