spot_img

LastPass admits new hack, some customer data exposed

Share post:

Information that hackers got from an August hack of password management provider LastPass was used to compromise the company again, its CEO has acknowledged.

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” Karim Toubba said in a statement Wednesday.

The discovery, Toubba said, came after the company recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo

Customers’ passwords remain safely encrypted, he added.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional. As always, we recommend that you follow our best practices around setup and configuration of LastPass, which can be found here.” 

As part of its efforts, Toubba said, LastPass continues to deploy enhanced security measures and monitoring capabilities across its infrastructure to help detect and prevent further threat actor activity. 

Given the vast number of passwords it protects globally, Lastpass remains a big target, said Yoav Iellin, a senior researcher at Silverfort.

While LastPass admitted the threat actor gained access using information obtained in the previous compromise, exactly what this information is remains unclear, he said. Typically,  Iellin added, it’s best practice after suffering a breach for an organization to generate new access keys and replace other compromised credentials to ensure things like cloud storage and backup access keys cannot be reused.

LastPass subscribers should watch out for updates, and verify they are legitimate before taking any action. If they haven’t done so already, they should change the passwords and enable two-factor authentication on any applications with passwords in LastPass, he also said.

In the August incident, some of the company’s source code was stolen after one of its developer accounts was hacked.

The company says it has 100,000 business customers, as well as individual users. Combined, it counts 33 million registered users, with “the significant majority” represented by corporate customers.

The post LastPass admits new hack, some customer data exposed first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

spot_img

SUBSCRIBE NOW

Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways