Last Year's Lastpass Security Incident Follow-up

Have questions about LastPass, or having problems using it? Ask for help here!

Moderators: admin, Israel, anatoly_LP, chantieLP, robyn, JoeSiegrist

Last Year's Lastpass Security Incident Follow-up

Postby quotidian » Mon Sep 17, 2012 11:40 pm

Sorry if this is already covered here. I searched around here and on the blog but didn't find anything.

After the security incident last year, you guys said you'd bring in outside security firms, start doing regular security reviews, and publish the results. Did that ever end up happening, and did they figure out what caused the breach to begin with? If so, are these results posted anywhere?

Thanks
quotidian
 
Posts: 180
Joined: Fri Nov 26, 2010 9:40 pm

Re: Last Year's Lastpass Security Incident Follow-up

Postby Bubbly » Tue Sep 18, 2012 8:01 am

Truth be told I haven't read anything about it since that month at all. Except for a few users who still have their doubts on LastPass because of that hack.

- Multiple security experts and firms were brought in to help us, we've engaged one firm to do a further source code based review.
- We're committed to doing several reviews per year and sharing the results of these reviews.

Src.
Bubbly
 
Posts: 237
Joined: Fri Jan 13, 2012 12:45 am

Re: Last Year's Lastpass Security Incident Follow-up

Postby Lars » Tue Sep 18, 2012 10:54 pm

Bubbly Wrote:Truth be told I haven't read anything about it since that month at all. Except for a few users who still have their doubts on LastPass because of that hack.

LastPass noted some suspicious traffic, but found no rock solid evidence of a full on hack taking place.
I too would like to know more about it, but can understand if they are unable to provide such information presently.
Lars
 
Posts: 2580
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: Last Year's Lastpass Security Incident Follow-up

Postby JoeSiegrist » Tue Sep 18, 2012 11:06 pm

quotidian Wrote:After the security incident last year, you guys said you'd bring in outside security firms, start doing regular security reviews, and publish the results. Did that ever end up happening,


Yes, a number of firms have been brought in, and continue to be brought in, we're also using a well regarded outside nightly PCI scanner on top of our own efforts. We're doing another outside audit this week as is one of our customers. We'll make one of these public.

quotidian Wrote: and did they figure out what caused the breach to begin with?


No...
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am

Re: Last Year's Lastpass Security Incident Follow-up

Postby quotidian » Wed Sep 19, 2012 12:11 am

JoeSiegrist Wrote:Yes, a number of firms have been brought in, and continue to be brought in, we're also using a well regarded outside nightly PCI scanner on top of our own efforts. We're doing another outside audit this week as is one of our customers. We'll make one of these public.


Thanks for the response, and thanks for following through on publishing some results. I know you guys take security seriously, but it's good to hear you aren't letting up.
quotidian
 
Posts: 180
Joined: Fri Nov 26, 2010 9:40 pm

Re: Last Year's Lastpass Security Incident Follow-up

Postby ateliered » Thu Jan 10, 2013 7:41 pm

JoeSiegrist Wrote:... a number of firms have been brought in, and continue to be brought in, we're also using a well regarded outside nightly PCI scanner on top of our own efforts. We're doing another outside audit this week as is one of our customers. We'll make one of these public.


@JoeSiegrist: Has an audit report you referred to made public, and if so where can I find it? Thanks.
ateliered
 
Posts: 3
Joined: Thu Jan 10, 2013 7:18 pm

Re: Last Year's Lastpass Security Incident Follow-up

Postby crx » Fri Jan 11, 2013 6:21 am

ateliered Wrote:
JoeSiegrist Wrote:... a number of firms have been brought in, and continue to be brought in, we're also using a well regarded outside nightly PCI scanner on top of our own efforts. We're doing another outside audit this week as is one of our customers. We'll make one of these public.


@JoeSiegrist: Has an audit report you referred to made public, and if so where can I find it? Thanks.


I'd like some follow-up on this as well.
crx
 
Posts: 1
Joined: Fri Jan 11, 2013 6:07 am

Re: Last Year's Lastpass Security Incident Follow-up

Postby Bubbly » Sun Jan 13, 2013 4:36 pm

Same here :)
Bubbly
 
Posts: 237
Joined: Fri Jan 13, 2012 12:45 am

Re: Last Year's Lastpass Security Incident Follow-up

Postby gobetween » Fri Jan 25, 2013 1:27 pm

@JoeSiegrist: Would appreciate an update, as well.
gobetween
 
Posts: 1
Joined: Thu Jan 24, 2013 11:52 am

Re: Last Year's Lastpass Security Incident Follow-up

Postby ateliered » Wed Mar 20, 2013 10:50 am

@JoeSiegrist: Could you please be so kind to post an update on this; thank you. It's been several months since you wrote that a report was published, and it seems very hard to locate it. If indeed it has been, could you provide a link to it? Much appreciated.
ateliered
 
Posts: 3
Joined: Thu Jan 10, 2013 7:18 pm

Next

Return to General Support & Troubleshooting

Who is online

Users browsing this forum: Google Feedfetcher and 121 guests