Photo: Omar Marques/SOPA Images/LightRocket via Getty Images
LastPass CEO Karim Toubba said in a blog post Wednesday he takes full responsibility for his company's communications failures about recent cybersecurity incidents.
The big picture: LastPass, a password manager with roughly 30 million users, has been called out by customers for sharing limited information about two cyber incidents that happened in August.
Catch up quick: In the last six months, LastPass has gone back on how serious its recent cybersecurity incidents have actually been.
Driving the news: This week, the company shared in a difficult-to-find security advisory that attackers initially gained access to LastPass' systems by targeting a key employee's home computer.
What they're saying: "The length of the investigation left us with difficult trade-offs to make in that regard," Toubba wrote in the post.
Details: In Wednesday's post, Toubba said attacks accessed sensitive customer data, source code repositories, internal company secrets and cloud-based backup storage locations.
Yes, but: Wednesday's blog post does not have the same level of details as the earlier advisories from LastPass that circulated earlier this week — although those advisories are linked in Toubba's post.
Between the lines: Toubba said the company has been deploying "several new security technologies across our infrastructure, data centers, and our cloud environments to further bolster our security posture" in recent months.
State of play: LastPass users' "master password" — the password users need to log into their account — are the only sensitive pieces of information attackers haven't accessed, in part because LastPass doesn't store that information to begin with.
Be smart: LastPass is advising users to make sure they're using a strong and unique master passwords and to evaluate the strength of the passwords stored in their other accounts.
Sign up for Axios’ cybersecurity newsletter Codebook here.
Leave a Reply