Lastpass breached by threat actors

Share post:

LastPass, the password manager, has informed customers that unknown attacker breached its cloud storage using information stolen during a previous security incident in August 2022. The attacker also managed to access customer data stored in the compromised storage service, but that passwords are safe and encrypted due to LastPass’s Zero Knowledge architecture.

LastPass is one of several password managers on the market that aim to reduce password reuse online by storing them in a single app. It also makes it simpler for users to generate strong passwords when necessary.

LastPass discovered in August that some of its source code and technical information had been stolen as a result of unauthorized access to a third-party storage service the company was using. According to the company’s findings, while the threat actor was able to gain access to the company’s development environment, the system prevented access to customer data or encrypted passwords.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” Lastpass said.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Lastpass added.

Lastpass said it hired security firm Mandiant to investigate the incident and reported it to law enforcement.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Stack Overflow moderators strike over limited authority to remove AI-generated content

Stack Overflow’s moderators are on strike over a new policy that limits their ability to remove AI-generated content....

EFF expresses concern over proposed United States Patent and Trademark Office’s rules

The Electronic Frontier Foundation (EFF), a digital rights advocate organization, has expressed its dissatisfaction with the United States...

Reddit communities to go private in protest of new API pricing

Reddit communities like r/videos, r/reactiongifs, r/earthporn, and r/lifeprotips, will be going private for 48 hours from June 12th...

Gartner debunks myths undermining cybersecurity success

Henrique Teixeira, Senior Director Analyst at Gartner, and Leigh McMullen, Distinguished VP Analyst at Gartner, highlighted and disproved...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways