LastPass confirms another security breach, customer data accessed this time

Back in August, password management company LastPass confirmed that it has suffered a cybersecurity incident in which its development environment was accessed. This resulted in some snippets of its code and proprietary technical documentation being stolen while customer data remained safe.

However, the firm has suffered yet another security breach, and this time, customer data has been accessed.

LastPass logo with skull icons on the corners

In an update to his initial security incident notice, LastPass CEO Karim Toubba has publicly disclosed that the company has detected unusual activity in an unnamed third-party cloud storage service provider that is used by both LastPass and its affiliate GoTo.

As such, the firm has launched an investigation into the matter while engaging cybersecurity firm Mandiant and alerting law enforcement. So far, it has determined that a malicious actor utilized information from the August breach to gain access to "certain elements" of customer data on the shared cloud. However, customer passwords remain encrypted and safe.

That said, this is an ongoing investigation as LastPass assesses the impact of the breach. LastPass products and services are currently functional but customers have been advised to follow best practices listed here.

It is unclear when we will hear an update on the matter but this is expected as the situation is evolving and this is still an active investigation. We'll let you know when we hear more on the topic.

Report a problem with article
Google Meet logo
Next Article

Google Meet will now offer better quality if you connect via a VDI

Twitter 20 written on a darkened background of a town square
Previous Article

Twitter assures users that policies haven't changed as it embraces "public testing"

Join the conversation!

Login or Sign Up to read and post a comment.

27 Comments - Add comment

Advertisement