Security News
Russian media streaming platform 'START' has confirmed rumors of a data breach impacting millions of users. Even though a global reset isn't enforced by START, it is recommended that all users change their passwords.
As you no doubt already know, because the story has been all over the news and social media recently, the widely-known and widely-used password manager LastPass last week reported a security breach. We regularly recommend that our readers and podcast listeners consider using a password manager, even though we've also written up numerous security blunders in password manager tools over the years.
Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing. Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give students taking out a loan online access to their loan accounts.
Twilio, which earlier this month became the target of a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts.
The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of identity and access management company Okta. Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.
Food delivery firm DoorDash has disclosed a data breach exposing customer and employee data that is linked to the recent cyberattack on Twilio. DoorDash previously suffered a data breach in 2019 that exposed the data of nearly 5 million customers.
Food delivery firm DoorDash has disclosed a data breach exposing customer and employee data that is linked to the recent cyberattack on Twilio. In a security advisory released Thursday afternoon, DoorDash says that a threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems.
Twilio's investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices. Authy is a two-factor authentication service from Twilio that allows users to secure their online accounts, where the feature is supported, by identifying themselves a second time via a dedicated app after typing in the login credentials.
"An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," the makers of the popular password manager LastPass announced on Thursday, but reassured users that the Master Passwords securing their password vaults are safe. LastPass says that they detected the breach two weeks ago, but that they haven't discovered evidence of the attacker gaining access to customer data in their production environment or encrypted password vaults.
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment.