LastPass announced that customer data was accessed in a security breach, marking the company’s second hack of 2022.
LastPass suffered another data breach, in which customer information was accessed. The company has assured that user passwords are not exposed to this attack.
LastPass suffers another data breach
On November 30, 2022, password manager provider LastPass announced that it suffered a data breach in which customer data was accessed.
In a LastPass Security Notice, it was stated that the company “has detected unusual activity within a third-party cloud storage service, which is currently shared by LastPass and its subsidiary, GoTo.” LastPass also posted the incident on its Twitter page.
LastPass has partnered with Mandiant, an American cybersecurity company, to investigate the breach and alert authorities to the attack.
This November incident marks another LastPass data breach, the last of which took place in August 2022.
Data from August’s LastPass breach was used in its latest hack
In its investigation of Mandiant, LastPass found that the threat actors involved used information obtained from the August 2022 hack to carry out the November breach.
During the August breach, which lasted four days, the LastPass development environment was accessed through a compromised account. As a result of this hack, the source code and technical data were stolen.
Some data hosted by this attack helped hackers gain access to customer data during the latest LastPass breach, although it was not specified what type of data it was.
Customer passwords are not at risk
Although user data was accessed during this LastPass breach, the company assured customers that their passwords were not exposed to the hackers responsible.
LastPass also said in its security advisory on the incident that it will “continue to deploy enhanced security measures and monitoring capabilities” across its infrastructure to both detect and prevent new malicious actor activity. More information is expected to be released on this breach as LastPass and Mandiant investigate further.
Password managers continue to be popular around the world
While the password manager’s security vulnerabilities are cause for concern, that doesn’t mean this method of storing passwords isn’t secure. If you use a reliable and reputable password management service, your passwords will be encrypted and thus made unbreakable to hackers. Just make sure that the manager you choose is responsible and uses adequate security measures before entrusting them with your passwords.
