The company is working with cybersecurity firm Mandiant to investigate the incident. It is unclear what information this breach may have exposed. However, LastPass assured users that their passwords are fully encrypted and its products remain functional. “We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” LastPass CEO Karim Toubba said in a press release. This announcement comes after a breach in August allowed a threat actor to access LastPass’ source code and some technical information. LastPass said the threat actor used information from the August breach to carry out the latest hack. The company said it had notified the relevant law enforcement authorities.
GoTo Confirms Breach
GoTo has also released a statement about the breach. According to the company’s CEO, Paddy Srinivasan, the threat actor targeted GoTo’s shared third-party cloud storage service and its development environment. Neither GoTo nor LastPass has identified the third-party cloud service provider that suffered the breach. Both companies expressed their commitment to protecting users and preventing any future attacks. “As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity,” Toubba said. In September, after it concluded its investigation into the August breach, LastPass confirmed the incident did not expose any user data. “We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults,” a statement from LastPass said.
LastPass’ History of Breaches
LastPass has had its fair share of data breaches in recent years. In the August incident, the threat actor breached LastPass’ development environment using a compromised developer account. The company said the attacker had access to its systems for four days. In February 2021, security researchers found seven embedded trackers in the LastPass Android app. Later in December 2021, several users started receiving emails about an attempted login to their accounts. It was later confirmed that the attacker used credential stuffing to gain access to the master passwords of some users. Before these troubling incidents, we ranked LastPass among the best password managers. If you’re considering getting a password manager, check out detailed reviews of top password managers like 1Password, NordPass, and RememBear.
