LastPass says hackers accessed customer data in new breach
LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.
The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” the company said.
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”
LastPass said it hired security firm Mandiant to investigate the incident and notified law enforcement of the attack.
It also noted that customers’ passwords have not been compromised and “remain safely encrypted due to LastPass’s Zero Knowledge architecture.”
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” LastPass added.
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. Customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. More info: https://t.co/xk2vKa7icq pic.twitter.com/ynuGVwiZcK
— LastPass (@LastPass) November 30, 2022
Breached twice in one year
This is the second security incident disclosed by LastPass this year, after it confirmed in August that the company’s developer environment was breached via a compromised developer account.
The advisory was published days after BleepingComputer reached out to the company and received no response to questions regarding a possible breach.
In emails sent to customers at the time, LastPass confirmed the attackers had stolen source code and proprietary technical information from its systems.
In a subsequent update, the company revealed that the attackers behind the August security breach maintained internal access to their systems for four days until they were evicted.
LastPass is behind one of the most popular pieces of password management software, and claims it is used by more than 33 million people and 100,000 businesses.
Source: bleepingcomputer.com