Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

LastPass suffers second data breach in 5 months

Password management app LastPass has announced that hackers have breached its cloud storage containing customer data.

user icon Daniel Croft
Fri, 02 Dec 2022
LastPass suffers second data breach in 5 months
expand image

The company, which aims to increase security by encouraging users not to reuse passwords and allowing them to make longer ones by storing them all together, was attacked back in August making this the second data breach in five months.

LastPass is one of the most popular password management systems on the market, saying that it is used by over 33 million people and 100,000 businesses.

The company has said that cyber attackers gained access to customer data using information they had stolen from the previous breach.

============
============

Hackers gained access to the company’s developer environment using a hacked developer account, stealing source code and technical information that allowed them to access customer data in this most recent breach.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” said LastPass chief executive officer Karim Toubba.

We have determined that an unauthorised party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”

LastPass has maintained that despite the hack, customer passwords remain safe.

“Our customers’ passwords remain safely encrypted due to LastPass’ Zero Knowledge architecture,” added Toubba.

"We are working diligently to understand the scope of the incident and identify what specific information has been accessed.”

The company has announced that it has “immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement”.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.