LastPass Breached Again And This Time It Exposed Customer Details To Hackers
This new LastPass breach comes on the heels of a LastPass security breach in August. That earlier breach did not impact any customer data; it affected the company’s development environment, which LastPass claims doesn’t store customer data and is isolated from the production environment. Nonetheless, the threat actors were able to gain unauthorized access to some LastPass source code and proprietary information stored in the development environment.
Now, the investigation of the new LastPass data breach has revealed that threat actors leveraged information stolen in the earlier breach to conduct the new one, which has affected customer information. The stolen information was stored in an unnamed third-party cloud storage service shared by both LastPass and GoTo. Both companies have yet to disclose what customer information the threat actors may have accessed. All we know is that customer passwords should be safe regardless of what information was stolen, as LastPass’s zero-knowledge encryption prevents both threat actors and the company’s own employees from accessing the private keys that decrypt customers’ passwords.
The investigation into this new incident is still ongoing, but hopefully we’ll soon learn what information the threat actors accessed in this new data breach and how they managed to do so. The CEO says in his blog post that LastPass will “continue to provide updates as we learn more,” and the company made good on that promise after the last security breach, publishing an update on the results of its investigation three weeks after the breach was first announced. For now, LastPass users will have to sit tight and wait to hear what information of theirs, if any, was stolen in this data breach.