Password Manager LastPass Gets Hacked

A hacker penetrated the software development environment at LastPass in August, stealing source code and other proprietary data. Now, the password management firm has disclosed it has been attacked again.

CEO Karim Toubba has confirmed that the password manager has been breached for a second time. 

LastPass is behind one of the world's most popular password management software, claiming that it's being used by more than 33 million people and 100,000 businesses.

Toubba said the company detected an unusual activity inside a third-party cloud storage service that it shares with its parent company GoTo, previously known as LogMeIn. Once in, the hackers managed to get access to customer data stored in the compromised storage service.

LastPass did not disclose what kind of customer data the attacker might have accessed but maintained that its products and services remained fully functional. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass has said. "We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement...  We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional”, said the firm’s blog.

LastPass has suffered hacks of its service in previous years, with notable incidents in 2015 when there was unauthorised access of user account email addresses, password reminders, and authentication hashes. Right now, it is unclear if the apparent breach of GoTo's development environment is related to the August intrusion at LastPass, or if the two incidents are entirely separate. 

LastPass:        Dark Reading:     Gizmodo:    Bleeoing Computer:     Endgadget:     Reseller

You Might Also Read:

How Poor Password Hygiene Could Unravel Your Business:

 

« What Should CISO’s Look Out For In 2023?
Proactive Security Tips For Your Business After A Security Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Foregenix

Foregenix

Foregenix are global specialists in Digital Forensics and information security including Penetration testing and Website Security.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

Expanse

Expanse

Expanse SaaS-delivered products plus service expertise reduce your internet edge risk to prevent breaches and successful attacks.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Cybrella

Cybrella

Cybrella offers professional cybersecurity services for small to medium sized businesses and to larger enterprises looking to expand their cybersecurity capabilities.

ServerScan

ServerScan

ServerScan specializes in providing server scanning & compliance services to organizations of all types and sizes.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

Suffescom Solutions

Suffescom Solutions

Suffescom Solutions is a leading blockchain development company, assisting businesses in harnessing the true potential of blockchain technology.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

Xobee Networks

Xobee Networks

Xobee Networks is a Managed Service Provider of innovative, cost-effective, and cutting-edge technology solutions in California.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.