quote:

Password app LastPass hit by cybersecurity breach but says data remains safe

Company says its security system prevented the hacker accessing customer data or encrypted passwords

quote:

In August, LastPass determined that some of its source code and technical information was taken from unauthorised access to a third-party storage service the company had been using.

After an investigation the company said, while the threat actor had been able to access the company’s development environment, the system had prevented access to customer data or encrypted passwords.

At the time LastPass said the attacker had taken portions of source code and some proprietary LastPass technical information, but believed the risk to the app was limited.

quote:

If you’ve ever worried about the privacy of your sensitive data when seeking a computer or phone repair, a new study suggests you have good reason. It found that privacy violations occurred at least 50 percent of the time, not surprisingly with female customers bearing the brunt.

Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device. Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information.

Blown away
“We were blown away by the results,” Hassan Khan, one of the researchers, said in an interview. Especially concerning, he said, was the copying of data, which happened during repairs for one from a male customer and the other from a female. “We thought they would just look at [the data] at most.”

The amount of snooping may actually have been higher than recorded in the study, which was conducted from October to December 2021. In all, the researchers took the laptops to 16 shops in the greater Ontario region. Logs on devices from two of those visits weren’t recoverable. Two of the repairs were performed on the spot and in the customer's presence, so the technician had no opportunity to surreptitiously view personal data.

In three cases, Windows Quick Access or Recently Accessed Files had been deleted in what the researchers suspect was an attempt by the snooping technician to cover their tracks. As noted earlier, two of the visits resulted in the logs the researchers relied on being unrecoverable. In one, the researcher explained they had installed antivirus software and performed a disk cleanup to “remove multiple viruses on the device.” The researchers received no explanation in the other case.