Password Manager LastPass Gets Hacked
A hacker penetrated the software development environment at LastPass in August, stealing source code and other proprietary data. Now, the password management firm has disclosed it has been attacked again.
CEO Karim Toubba has confirmed that the password manager has been breached for a second time.
LastPass is behind one of the world's most popular password management software, claiming that it's being used by more than 33 million people and 100,000 businesses.
Toubba said the company detected an unusual activity inside a third-party cloud storage service that it shares with its parent company GoTo, previously known as LogMeIn. Once in, the hackers managed to get access to customer data stored in the compromised storage service.
LastPass did not disclose what kind of customer data the attacker might have accessed but maintained that its products and services remained fully functional. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass has said. "We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement... We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional”, said the firm’s blog.
LastPass has suffered hacks of its service in previous years, with notable incidents in 2015 when there was unauthorised access of user account email addresses, password reminders, and authentication hashes. Right now, it is unclear if the apparent breach of GoTo's development environment is related to the August intrusion at LastPass, or if the two incidents are entirely separate.
LastPass: Dark Reading: Gizmodo: Bleeoing Computer: Endgadget: Reseller:
You Might Also Read:
How Poor Password Hygiene Could Unravel Your Business: