LastPass, a popular password manager with tens of millions of users, has suffered a data breach twice this year!
In an official announcement, LastPass confirmed that some unknown people had accessed its customer data using stolen credentials from a previous breach. Assuring that no customer passwords were compromised, the company has now hired a forensic firm to investigate the incident further.
LastPass Data Breach
With over 33 million users and 100,000 business clients, LastPass is no doubt a popular password manager. This makes it an attractive target to breach whenever there’s a loophole. And hackers did so for the second time this year!
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. Customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. More info: https://t.co/xk2vKa7icq pic.twitter.com/ynuGVwiZcK
— LastPass (@LastPass) November 30, 2022
Following a breach in August, unknown parties have accessed the cloud storage that LastPass shares with its affiliate GoTo, the company said in an announcement. The unauthorized parties accessed customer data using credentials stolen in the August breach incident.
While no customer passwords were compromised in this case, due to LastPass’s Zero Knowledge architecture, the company says it has informed law enforcement and hired Mandiant, a security firm, to investigate the incident further. It added:
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed.”
While we wait for the details, the earlier breach from August was due to a compromised developer account. In email notifications sent to customers at that time, LastPass said the hackers had stolen source code and proprietary technical information from its systems.
Further, the company even said that the hackers had stayed within its network for four days before they were detected and evicted. This duration is more than enough to suck out all the important information, which may have helped them in the latest attack.