LastPass confirmed a new security breach in its systems, in which hackers reportedly accessed information of some users. Karim Toubba, CEO of LastPass, posted an update on the company blog detailing the security incident. According to Toubba, the intrusion was carried out with information obtained in a previous hack.
“We recently detected unusual activity within a third-party cloud storage service, currently shared by LastPass and its affiliate, GoTo,” the CEO said. The company says it launched an investigation with the help of a security firm and also alerted the authorities.
In the latest blog update, Karim Toubba said that the hackers accessed “certain elements of user information” using information extracted in August 2022.
We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional.
Karim Toubba, CEO of LastPass
For those who don’t remember, LastPass confirmed a security breach on August 25, in which hackers accessed the development environment after compromising an employee’s account. The attackers stole part of the password manager's source code, as well as proprietary technical information. After discovering the incident, the company launched an investigation.
Weeks later, LastPass confirmed that there was no access to user data and the attack was only limited to the development environment. While the company made sure to seal the security holes, the fact that the hackers moved for four days without being detected left its mark.
Security breaches are becoming commonplace at LastPass
LastPass has become the target of various attacks that breach its systems. In December 2021, multiple users of the password manager received emails reporting suspicious account activity. The messages warned of a login using the master password from an unrecognized device or location.
Although LastPass revealed that alerts were mistakenly sent to a limited number of customers, the answer was not enough for users. One of them stated that login attempts were also showing up on his control panel and immediately contacted technical support. The company did not make any further statements and limited itself to saying that they had resolved the bug that had triggered the alerts.
LastPass is one of the most popular password managers, although it is also among those that generate the greatest distrust. An investigation by a security expert in 2021 discovered seven built-in trackers that collect and send some user data to marketing companies. Unlike 1Password or KeePass, LastPass integrates third-party code that could lead to security breaches.
Although LastPass may be insecure, it’s still better than writing passwords down in a notepad file or using the same one across all services. If you are looking for a good password manager, you can review this list where we have compiled some recommended options.