Password manager with over 25 million users said an unauthorized party gained access to “certain elements of their customers’ information.”
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” Karim Toubba, CEO of LastPass, said.
Apparently, a threat actor used information obtained in the August 2022 incident. LastPass disclosed an incident in the summer where an attacker breached systems through a compromised developer account. They took portions of source code and some proprietary LastPass technical information.
No data within users’ vaults, personal information, or master passwords were compromised in the August incident.
While LastPass customers’ passwords remain safe, the password manager said the attacker gained access to “certain elements of their customers’ information” this time. The company didn’t give any details about what that information contained.
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional. As always, we recommend that you follow our best practices around setup and configuration of LastPass, which can be found here,” Toubba said.
More from Cybernews:
Sony and Lexar's encryption provider leaked sensitive data for over a year
From NASA to TJX Companies hackers: five notorious cybercriminals who saw jail time
Twitter quietly ditches its COVID misinformation policy
Putin embraces digital currency as sanctions cripple Russia’s economy
Hackers exploit trending TikTok challenge to deliver malware
Twitter is banned in China, but downloads surge as protestors look for authentic information
Subscribe to our newsletter
Your email address will not be published. Required fields are marked