Cyber Attack

LastPass Hacked – Attackers Breached Cloud Storage & Access Customer Data

Using data from the August 2022 incident, LastPass experienced a breach of user information within a third-party cloud storage service.

LastPass is a freemium Android password manager that simply collects encrypted passwords online, and LogMeIn, Inc. obtained the LastPass in October 2015.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” the company said.

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”

The breach is the subject of an ongoing investigation conducted by Mandiant, according to LastPass CEO Karim Toubba, who also stated that law enforcement had been informed.

Additionally, the company stated that customer passwords “remain safely encrypted due to LastPass’s Zero Knowledge architecture” and have not been compromised.

August 2022 Saw a Breach of the Organization’s Developer Environment

In the August incident, a developer account that had been hijacked by hackers had allowed them access to the company’s developer environment.

At the time, the company stated that no customer information or passwords had been exposed and that the attacker had only accessed “source code and some proprietary LastPass technical information” as a result of the incident.

The company then disclosed that the attackers of the security breach in August had internal access to its systems for four days before being ejected.

It’s unclear in this instance what exact consumer information was disclosed.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed”, according to LastPass’s recent notice of a security incident.

“We can confirm that LastPass products and services remain fully functional”. 

Company’s Response to the Incident

The company promised to implement improved security controls and monitoring tools to stop further threat activity.

“As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity”, LastPass.

Penetration Testing As a Service – Download Red Team & Blue Team Workspace

Guru Baran

Recent Posts

Ferrari Hacked – Attackers Gained Access to Company’s IT Systems

A threat actor recently contacted Ferrari S.p.A., an Italian luxury sports car manufacturer headquartered in…

3 hours ago

NBA Cyber Incident – Fans’ Personal Information Exposed

As a result of a recent data breach, the NBA notified all its fans about…

1 day ago

Beware of New Trigona Ransomware Attacking Finance and Marketing Industries

The relatively new Trigona ransomware strain, according to Unit 42 researchers, was particularly active in…

3 days ago

Fake Calls Android Malware Attacking Android Users to Steal Banking Details

An Android Trojan dubbed “FakeCalls” was spotted by the Check Point Research team. This malware…

4 days ago

CISA Urgent Warning: Adobe ColdFusion Bug Exploited As A Zero-day in the Wild

CISA has updated its list of security flaws that have been actively exploited, including a…

5 days ago