Lastpass says hackers accessed customer data in new breach

by | Dec 1, 2022 | News

The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," the company said. "We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information." Lastpass said it hired security firm Mandiant to investigate the incident and notified law enforcement of the attack. It also noted that customers' passwords have not been compromised and "remain safely encrypted due to LastPass's Zero Knowledge architecture." LastPass data breach

Post Views: 690

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 3 Minutes

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.

 

The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” the company said.

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”

Lastpass said it hired security firm Mandiant to investigate the incident and notified law enforcement of the attack.

It also noted that customers’ passwords have not been compromised and “remain safely encrypted due to LastPass’s Zero Knowledge architecture.”

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Lastpass added.

 

See Also: So you want to be a hacker?
Complete Offensive Security and Ethical Hacking Course

Breached twice in one year

 

This is the second security incident disclosed by Lastpass this year after confirming in August that the company’s developer environment was breached via a compromised developer account.

The advisory was published days after BleepingComputer reached out to the company and received no response to questions regarding a possible breach.

In emails sent to customers at the time, Lastpass confirmed the attackers had stolen source code and proprietary technical information from its systems.

Trending: Find Hidden Info using Google Dorking manually, and Automated using Pagodo

Trending: Offensive Security Tool: linWinPwn

In a subsequent update, the company revealed that the attackers behind the August security breach maintained internal access to their systems for four days until they were evicted.

LastPass is behind one of the most popular password management software, claiming that it’s being used by more than 33 million people and 100,000 businesses.

Trending: AXLocker – a new ransomware that encrypts yours files, and then steals your Discord account

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This