LastPass is warning its customers about a recent security breach. This follows another hacking incident that occurred in August, which looks like the two are related.
Earlier this week, LastPass CEO Karim Toubba shared a message to customers notifying them of the breach. It also sent emails to its customers with the same message.
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” Toubba wrote in an email. “We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.
We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”
Initially, the company noticed strange activity in its third-party cloud storage service. It immediately began investigating with the help of Mandiant, a leading security firm.
Toubba says the company discovered an ‘unauthorized party’ gained access to certain elements of its customers’ information.
LastPass claims that users’ passwords are safe
The messages confirm that the bad actor accessed this data using information they obtained in the breach back in August. Thankfully, LastPass ensures that users’ passwords are safe, however
“Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” reads the statement to customers.
The company is traditionally transparent about breaches and similar activities that could endanger its customers. It will likely update the message page with more information as soon as more details are added.
LastPass didn’t share exactly what kind of information the hacker accessed. But it did confirm that passwords remain safe.
Additionally, the company recommends following these steps to ensure you use the best practices when setting up LastPass.
Consequently, it’s not a good look for a security-focused company to have multiple breaches as much as LastPass has had in the past few months.
However, the company has been very transparent, and it seems like it’s working hard to overcome and avoid these breaches in the future.
Have any thoughts on this? Carry the discussion over to our Twitter or Facebook.
