An anonymous reader cites a report in Futurism magazine. In a new blog post from LastPass, the password management company used by countless personal and business customers to protect their login information, the company claims that someone used AI voice cloning technology to impersonate its CEO's voice and manipulate users. He explains that he was trying to deceive. of that employee. As the company wrote in a post, earlier this week one of its employees received multiple WhatsApp communications, including phone calls, text messages, and voice messages, from someone claiming to be CEO Karim Tubba. Fortunately, LastPass employees didn't fall for it because the whole incident raised so many red flags. “Because the attempted communication was outside the scope of normal business communication channels and our employees were suspicious of the existence of many characteristics of the social engineering attempt (such as coercive urgency), we “employees naturally ignored the message.'' We reported the incident to our internal security team so that we can take steps to mitigate the threat and increase awareness of the tactic both internally and externally. ”
This LastPass scam attempt failed, but those who follow this kind of thing may recall that the company has been successfully hacked before. In August 2022, hackers compromised a LastPass engineer's laptop and used it to steal source code and trade secrets, as detailed in a timeline of events compiled by the Cybersecurity Dive blog. accessed a customer database containing encrypted and unencrypted passwords. User data such as email address. According to that timeline, the apparently resourceful malicious attacker remained active on the company's servers for several months, and it took him more than two months to admit that LastPass had been compromised. More than six months after the initial breach, CEO Toubba provided a detailed timeline of the months-long attack in his February 2023 blog post, explaining how things unfolded. He said he takes full responsibility.