• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
lastpass admits 'elements' of customer data accessed in breach

LastPass admits ‘elements’ of customer data accessed in breach

You are here: Home / General Cyber Security News / LastPass admits ‘elements’ of customer data accessed in breach
December 1, 2022

Password supervisor business LastPass has revealed that it was issue to a further security breach in which a menace actor accessed a technique utilised by the firm, as nicely as some buyer information and facts.

LastPass said that strange exercise was detected on a third-party cloud storage system utilised by LastPass. Subsequent the launch of an investigation involving cyber security organization Mandiant, it was founded that a menace actor accessed some shopper information.

There is no evidence to advise that purchaser passwords have been impacted or attained in the attack, and LastPass states that all passwords continue being securely encrypted.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The incident follows a equivalent attack in August in which a hacker stole LastPass supply code. In that circumstance, the hacker designed use of a compromised developer account to breach the company’s enhancement environment and then stole supply code and technical information. At the time, the agency denied that any client info or password vaults had been stolen.

In the statement announcing the new incident, LastPass CEO Karim Toubba linked the two attacks by suggesting that it was details stolen in the August incident that enabled this new attack.

“We have identified that an unauthorised party, applying facts attained in the August 2022 incident, was in a position to achieve access to selected factors of our customers’ information,” said Toubba in a blog site publish. “Our customers’ passwords continue to be safely encrypted owing to LastPass’s Zero Information architecture.

“We are doing the job diligently to realize the scope of the incident and establish what specific details has been accessed. In the meantime, we can confirm that LastPass items and products and services stay completely useful.”

LastPass affiliate GoTo (previously LogMeIn) was also affected in the attack the two businesses share the very same third-party cloud storage company. 

In a blog site publish masking the incident, GoTo CEO Paddy Srinivasan said that the organization “detected strange action inside our development atmosphere and third-party cloud storage service”.

The corporation said that all its items and services keep on being operational and that it is deploying even further security actions and monitoring to reduce further activity from menace actors.

GoTo has not available additional facts on the particular action executed within its development atmosphere, and in contrast to LastPass designed no mention of consumer data becoming influenced.

Password administrators are a well known resolution for storing logins securely, and can be particularly beneficial for business use specifically in roles burdened with a large range of critical passwords.

In addition to properly storing passwords, such administrators also make cryptographically-safe passwords that are significantly more difficult for hackers to guess than the most prevalent passwords.

LastPass has urged shoppers to stick to its advisable security tactics, and is doing work with GoTo, Mandiant, and regulation enforcement companies to investigate the issue.

IT Pro has approached GoTo for comment.


Some parts of this posting are sourced from:
www.itpro.co.uk

Previous Post: «researchers disclose critical rce vulnerability affecting quarkus java framework Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
Next Post: Hackers Leak Another Set of Medibank Customer Data on the Dark Web hackers leak another set of medibank customer data on the»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.