The developers of the popular password management app and service LastPass say they are investigating a new security breach that involves some data theft, a mere three months after the last breach. The new breach was apparently pulled off by using the bad actors using information obtained in the August 2022 incident.
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” wrote Karim Toubba, LastPass CEO, in a blog post. “We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.”
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” continued Toubba. “Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Toubba says.
The company tells users to make sure to keep their LastPass app updated to the latest version. The company offers general best practice guidelines online.