LastPass CEO Karim Toubba said in a blog post Wednesday he takes full responsibility for his company’s communications failures about recent cybersecurity incidents.
The big picture: LastPass, a password manager with roughly 30 million users, has been called out by customers for sharing limited information about two cyber incidents that happened in August.
- A data breach is high-stakes for any password manager considering they store a user’s login information across various online accounts in one place.
- “I acknowledge our customers’ frustration with our inability to communicate more immediately, more clearly, and more comprehensively throughout this event,” Toubba wrote. “I accept the criticism and take full responsibility.”
Catch up quick: In the last six months, LastPass has gone back on how serious its recent cybersecurity incidents have actually been.
- Initially, the company told users in August that the initial data breach was limited to LastPass’ development environment and didn’t affect customer data.
- A few days before Christmas, the company disclosed there was actually a second breach that piggybacked off the access hackers got from the first incident that resulted in sensitive user information being hacked.
Driving the news: This week, the company shared in a difficult-to-find security advisory that attackers initially gained access to LastPass’ systems by targeting a key employee’s home computer.
- The advisory also disclosed that attackers in the second reported incident had access to LastPass’ cloud storage between August and October.
- The advisory with these new details wasn’t widely shared and included an HTML code to prevent the post from appearing in search engines.
What they’re saying: “The length of the investigation left us with difficult trade-offs to make in that regard,” Toubba wrote in the post.
- “We understand and regret the frustration that our initial communications caused for both the businesses and consumers who rely on our products.”
Details:…
Read the full article here
