Photo by Tada Images/Shutterstock.com
Lastpass experienced another data breach this year, and this time around, the user data was exposed. The attacker was able to gain access to customer data using information stolen in the August 2022 breach.
The company detected unusual activity in their third-party cloud storage service, which is shared with their affiliate Go To, and determined that the cybercriminals could access “certain elements” of customer information.
While there’s no transparency over the kind of user data that the attackers could access during the breach, Lastpass maintains that customer passwords remain safe and all their services remain functional.
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional,” said Karim Toubba, CEO, Lastpass.
This Lastpass breach comes mere months after the initial breach in which the attackers got away with portions of source code and some proprietary tech information. None of the customer data or encrypted password vaults was accessed during the August breach.
In August, the company found out that a single compromised developer account allowed the cybercriminals to access portions of the Lastpass development environment, which allowed them to steal portions of the source code and proprietary data.
This data was used to breach the systems again this time around.
“As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity,” Toubba added.
Lastpass is working with security firm Mandiant and law enforcement to investigate the breach.
Last December, Lastpass blamed credential stuffing as dozens of people received email notifications that their master password was compromised and further login attempts were blocked. However, it was also reported that thousands of Lastpass login credentials were found in Redline Stealer malware logs.
In the News: Attackers are using ‘aged’ domains to bypass security platforms