Hackers Voice Cloned the CEO of LastPass For Attack (futurism.com)
An anonymous reader quotes a report from Futurism: In a new blog post from LastPass, the password management firm used by countless personal and corporate clients to help protect their login information, the company explains that someone used AI voice-cloning tech to spoof the voice of its CEO in an attempt to trick one of its employees. As the company writes in the post, one of its employees earlier this week received several WhatsApp communications -- including calls, texts, and a voice message -- from someone claiming to be its CEO, Karim Toubba. Luckily, the LastPass worker didn't fall for it because the whole thing set off so many red flags. "As the attempted communication was outside of normal business communication channels and due to the employee's suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency)," the post reads, "our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally."
While this LastPass scam attempt failed, those who follow these sorts of things may recall that the company has been subject to successful hacks before. In August 2022, as a timeline of the event compiled by the Cybersecurity Dive blog detailed, a hacker compromised a LastPass engineer's laptop and used it to steal source code and company secrets, eventually getting access to its customer database -- including encrypted passwords and unencrypted user data like email addresses. According to that timeline, the clearly-resourceful bad actor remained active in the company's servers for months, and it took more than two months for LastPass to admit that it had been breached. More than six months after the initial breach, Toubba, the CEO, provided a blow-by-blow timeline of the months-long attack and said he took "full responsibility" for the way things went down in a February 2023 blog post.
How are they still in business? (Score:5, Insightful)
Re: (Score:2)
The same may be asked about Microsoft. And these purveyors of insecure and hard to use crap are not only still in business, they are raking in cash like crazy. My conclusion is that the customer is essentially stupid.
Social engineering has been happening for a while (Score:2)
Primary use case for AI (Score:4, Insightful)
Re: (Score:1)
Fraud.
Just think how much will be done when combined with crypto.
Hans Kristian Graebener = StoneToss
Re: (Score:2)
I want my quantum AI crapto-driven flying car!
Re: (Score:2)
Also good at helping write malware, hate-postings, lies, cheating on tests, etc. Such an excellent tool to have around!
Hello (Score:2)
My voice is my passport.
Verify me.
Re: (Score:2)
Still cannot get over a frigging mathematician building _hardware_ and a pen-tester kicking in doors! The math-lecture was hilarious and got a lot of laughs here. The "inductive homomorphism" was probably a translation error though.