Lastpass breached by threat actors

Share post:

LastPass, the password manager, has informed customers that unknown attacker breached its cloud storage using information stolen during a previous security incident in August 2022. The attacker also managed to access customer data stored in the compromised storage service, but that passwords are safe and encrypted due to LastPass’s Zero Knowledge architecture.

LastPass is one of several password managers on the market that aim to reduce password reuse online by storing them in a single app. It also makes it simpler for users to generate strong passwords when necessary.

LastPass discovered in August that some of its source code and technical information had been stolen as a result of unauthorized access to a third-party storage service the company was using. According to the company’s findings, while the threat actor was able to gain access to the company’s development environment, the system prevented access to customer data or encrypted passwords.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” Lastpass said.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Lastpass added.

Lastpass said it hired security firm Mandiant to investigate the incident and reported it to law enforcement.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Microsoft Ends Support for Office 365 Apps on Windows 10: Hashtag Trending for Friday, January 17, 2025

Microsoft announces they won’t support  Office 365 on Windows 10, D-Wave achieves a quantum computing milestone, TikTok prepares...

Hackers Mount High Speed Microsoft 365 Attack: Cyber Security Today – January 17, 2025

Hackers exploit a high-speed Go library to target Microsoft 365 accounts worldwide, North Korea’s Lazarus group lures developers...

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways