Major password manager suffers another security breach

Password manager LastPass announced Wednesday it had suffered its second data breach in three months.

CEO Karim Toubba said the company recently detected unusual activity within a third-party cloud storage service that is shared by LastPass and affiliate GoTo.

He said an investigation was immediately launched into the incident by security firm Mandiant and that law enforcement had been alerted.

Web directory & Search Engine

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” Toubba said.

In this photo illustration, the logo for online password manager service LastPass is reflected on the internal discs of a hard drive. (Leon Neal/Getty Images)

LastPass is working to identify what specific information has been accessed and the scope of the incident.

Products and services remain fully functional, and LastPass said it continues to deploy enhanced security measures and monitoring capabilities across its infrastructure.

Toubba said further updates would be provided as LastPass learns more details.

In this photo illustration, a LastPass logo is displayed on a smartphone.

In this photo illustration, a LastPass logo is displayed on a smartphone. (Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images)

In August, LastPass said an unauthorized party had gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.

Following an investigation, Toubba said in September that the threat actor’s activity had been limited to a four-day period and confirmed that there is no evidence this incident involved any access to customer data or encrypted password vaults.

“We recognize that security incidents of any sort are unsettling but want to assure you that your personal data and passwords are safe in our care,” he said then.

Leave your vote


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.