
The popular password-management firm LastPass announced that it was investigating a second security issue in which hackers gained access to some of its customer data.
According to LastPass CEO Karim Toubba, “We recently discovered suspicious activity within a third-party cloud storage service, which is now used by both LastPass and its partner, GoTo.”
Using data obtained in a prior breach in August 2022, an unauthorized third party was able to access “some components of our customers’ information” in the intrusion.
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.
We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.
Customers of LastPass and GoTo may be affected; however, the extent of the compromise is still unknown. Users' passwords weren’t hacked, though. LastPass said that it has engaged Mandiant’s services and informed law enforcement of the most recent development. It said that it was trying to figure out exactly what data was accessed and that the investigation is still in progress.