- LastPass announced that hackers managed to hackers using information obtained in the August 2022 incident managed to access customer data.
- The company stated that they are working on identifying what specific information has been accessed but claimed that passwords are safe.
- In the August 2022 incident, hackers had access to their internal network for four days and managed to steal the source code.
LastPass CEO Karim Toubba published a blog post to inform users about a security incident that happened recently. According to the post, unauthorized third parties accessed a third-party cloud storage service, which is used by LastPass. The attackers managed to gain access to certain elements of its customers’ information.
Passwords are safe
Although the company didn’t specify the content of stolen data, Toubba claimed that customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. LastPass stated that hackers used information that is obtained in the August incident to gain access to customers’ information.
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. Customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. More info: https://t.co/xk2vKa7icq pic.twitter.com/ynuGVwiZcK
— LastPass (@LastPass) November 30, 2022
Once the company detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo, the company launched an investigation with Mandiant and alerted law enforcement. The company trying to find out what specific information was accessed. Karim Toubba, CEO of LastPass said,
« As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity. We thank you for your patience while we work through our investigation. As is our practice, we will continue to provide updates as we learn more. »