LastPass confirms another breach

Password manager with over 25 million users said an unauthorized party gained access to “certain elements of their customers’ information.”

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” Karim Toubba, CEO of LastPass, said.

Apparently, a threat actor used information obtained in the August 2022 incident. LastPass disclosed an incident in the summer where an attacker breached systems through a compromised developer account. They took portions of source code and some proprietary LastPass technical information.

No data within users’ vaults, personal information, or master passwords were compromised in the August incident.

While LastPass customers’ passwords remain safe, the password manager said the attacker gained access to “certain elements of their customers’ information” this time. The company didn’t give any details about what that information contained.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional. As always, we recommend that you follow our best practices around setup and configuration of LastPass, which can be found here,” Toubba said.

More from Cybernews:

Sony and Lexar's encryption provider leaked sensitive data for over a year

From NASA to TJX Companies hackers: five notorious cybercriminals who saw jail time

Twitter quietly ditches its COVID misinformation policy

Putin embraces digital currency as sanctions cripple Russia’s economy

Hackers exploit trending TikTok challenge to deliver malware

Twitter is banned in China, but downloads surge as protestors look for authentic information

Subscribe to our newsletter


prefix 4 months ago
"No data within users’ vaults, personal information, or master passwords were compromised in the August incident."

The large number of victims of cybercrime from LastPass customers, including my own, very recent, personal losses, speaks otherwise.
Leave a Reply

Your email address will not be published. Required fields are markedmarked