Karim Toubba, the CEO of LastPass, just announced that LastPass was recently breached. LastPass was also breached in August of 2022. This incident appears to be related to the August 2022 incident.
LastPass detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. They immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. LastPass determined that an unauthorized party, using information obtained in the August 2022 incident, was “able to gain access to certain elements of our customers’ information”.
LastPass states that “customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture”. LastPass also states that they are deploying enhanced security measures and monitoring capabilities across their infrastructure to help detect and prevent further threat actor activity.
LastPass did not state what type of “customer information” was stolen.
LastPass is recommending customers follow their best practices on account setup.
If you use LastPass and do not have multi-factor authentication turned on, now would be a good time to turn it on.
—
“…was able to gain access to certain elements of our customers’ information”.
Whenever you read that sort of “PR Corporate-Speak” you start wondering what they haven’t told you rather than what they have!
Reg,
Yes, LastPass should just say exactly what “Customer Information” was taken — customers want to know. Why make them wonder?
Also, in my opinion, LastPass seems to have a lot of incidents. 1 in 2011, another in 2015, another in 2016, 2 in 2017, another in 2019, another in 2021, and now 2 in 2022.
I dumped LastCr@p a couple of years ago when this started. First, they started playing games with services, then they got their first hack. Enough is enough. SHUT THEM DOWN if they can’t handle having a target painted on their backside.
Just how many breaches does this company have to have before people wise up and walk away from it? Sooner or later there will be a breach that is going to be costly, not for LastPass because they will walk away with your money, but millions of its users will be left hanging in the wind with their information out there for the taking ….. smh
I do use a password manager but not this one, but I do worry that one day there will be a breach and the encryption will be poor or something. Some password managers allow you to not include a cloud version so your information is only available on your device, but if you’re moving between devices, such as going between a desktop/laptop and a mobile phone, this is not ideal.