In an official announcement, LastPass confirmed that unknown parties had accessed its customer data using credentials stolen in a previous breach. Assuring users that no customer passwords were compromised, the company has now hired a forensic firm to investigate the incident further.
LastPass Data Breach
With over 33 million users and 100,000 business clients, LastPass is no doubt a popular password manager. This makes it an attractive target to breach whenever there’s a loophole. And hackers did so for the second time this year!
— LastPass (@LastPass) November 30, 2022
After a breach in August, unknown parties have accessed the LastPass cloud storage that it shares with its GoTo affiliate, said the company in an announcement. The unauthorized parties accessed the customer data using credentials stolen in the August breach incident. While no customer passwords were compromised in this case, due to LastPass’s Zero Knowledge Architecture, the company claims to have informed law enforcement and hired Mandiant, a security firm, to investigate the incident more deeply.
While we wait for the details, the earlier breach from August was due to a compromised developer account. In email notifications sent to customers at that time, LastPass said the hackers had stolen source code and proprietary technical information from its systems. Further, the company even said that the hackers had stayed within its network for four days before they were detected and evicted. This duration is more than enough to siphon off all the important information, which may have helped them in the latest attack.