Password Manager LastPass Suffers A Security Incident

Company reports exposure of customer information

On November 30, it became known that LastPass, a popular password management solution, had suffered its second security incident this year. LastPass is still investigating the details of the intrusion. Meanwhile, we have gathered all the available information in this article.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” shared company CEO Karim Toubba.

The company addressed its customers in an official statement confirming that some personal information was exposed during this attack. Exactly what information ended up in the threat actor’s hands is currently unknown.

What LastPass has said so far is: “We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”

GoTo, formerly known as LogMeIn, acquired LastPass in October 2015. In December 2021, the Boston-based firm announced plans to continue developing LastPass as an independent company.

The August incident at LastPass

In August this year, LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. At the time, no customer data had been compromised.

The company's original statement reveals that an attacker used a compromised developer account to gain access to portions of source code.

“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally,” CEO Karim Toubba said.

The company has emphasised that no passwords could have been stolen during the attacks: “Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” Still, LastPass has not revealed exactly what data was compromised.

The Kaduu Team, for our part, will search every corner of the darknet for a possible LastPass data breach. In the meantime, we suggest reading our previous article about a famous surfing brand's data leak.
