LastPass Suffers New Breach, Customer Data Gets Exposed

Another data breach hit LastPass, exposing user data as unknown hackers accessed its cloud storage through information collected from a previous security attack from August.

In a tweet, LastPass CEO Karim Toubba claimed that hackers used the password manager to gain access to certain customer information.

LastPass Had Been Breached Twice This Year

LastPass confirms that it recently detected unusual activity in its systems, which are shared by the company and its affiliate, GoTo.

Because of this, the company says that it has since hired the security firm Mandiant to look into the incident and that law enforcement has been made aware of the attack.

The premium password management company also assures its customers that it is working diligently to determine the scope of the incident and identify what information was compromised.

While it is unclear what user information hackers got access to, Toubba says that customers' passwords remain safe due to LastPass's Zero Knowledge architecture.

This means that there is a company policy in place that makes sure only the users know their master password, with device-level encryption, The Verge writes.

This second security breach comes after an incident confirmed by LastPass in August, where the company's developer system was breached by a hacked developer account.

With this information, the new breach seems connected to the previous attack, in which the intruder had access to the company's systems for about four days.

According to Bleeping Computer, an advisory about the recent hacking was published days after it reached out to LastPass and got no response about the issue.

At the time, emails were sent to customers confirming that the cybercriminals stole source code and proprietary technical information from the company.

LastPass is best known as the most popular password management software, used by more than 33 million people and 100,000 businesses.


LastPass Is Taking Steps To Address The Breaches

To maintain its integrity with customers in light of the recent breaches, LastPass says that it is continuously analyzing its source code and systems.

While their capacity to do so is limited, the company assures customers that it is completing a rigorous review, testing, and investigation of their security environment.

As part of their risk management program, LastPass is also taking steps to enhance their existing safety practices, which include threat modeling, vulnerability management, and a bug bounty program.

Additionally, it deployed enhanced security controls, including additional endpoint security controls and monitoring, additional threat intelligence capabilities, and enhanced detection and prevention technologies.

On its official site, the company's CEO also reassured customers that their personal data is safe in their care, and thanked them for their continued support amid the data breach incidents.

With that, cybersecurity teams continuously advise the public to remain vigilant and on the lookout for suspicious activities that might affect their privacy and security following the breach.


© 2024 iTech Post All rights reserved. Do not reproduce without permission.
