Password Manager LastPass Gets Hacked

Uploaded on 2022-12-06 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A hacker penetrated the software development environment at LastPass in August, stealing source code and other proprietary data. Now, the password management firm has disclosed it has been attacked again.

CEO Karim Toubba has confirmed that the password manager has been breached for a second time. 

LastPass is behind one of the world's most popular password management software, claiming that it's being used by more than 33 million people and 100,000 businesses.

Toubba said the company detected an unusual activity inside a third-party cloud storage service that it shares with its parent company GoTo, previously known as LogMeIn. Once in, the hackers managed to get access to customer data stored in the compromised storage service.

LastPass did not disclose what kind of customer data the attacker might have accessed but maintained that its products and services remained fully functional. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass has said. "We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement...  We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional”, said the firm’s blog.

LastPass has suffered hacks of its service in previous years, with notable incidents in 2015 when there was unauthorised access of user account email addresses, password reminders, and authentication hashes. Right now, it is unclear if the apparent breach of GoTo's development environment is related to the August intrusion at LastPass, or if the two incidents are entirely separate. 

LastPass:        Dark Reading:     Gizmodo:    Bleeoing Computer:     Endgadget:     Reseller

You Might Also Read:

How Poor Password Hygiene Could Unravel Your Business:

 

« What Should CISO’s Look Out For In 2023?
Proactive Security Tips For Your Business After A Security Breach »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

Dracoon

Dracoon

DRACOON is market leader in the German-speaking region for secure enterprise file sharing.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

Police Digital Security Centre (PDSC)

Police Digital Security Centre (PDSC)

PDSC is a not-for-profit organisation, owned by the police, that works across the UK in partnership with industry, government, academia and law enforcement.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

AuthLite

AuthLite

With AuthLite, you can keep using all your existing software, with added two-factor authentication security placed exactly where you need it.

L3Harris Technologies

L3Harris Technologies

L3Harris Technologies is a global aerospace and defense technology innovator, delivering solutions to meet mission-critical needs across air, land, sea, space and cyber domains.

SecureData

SecureData

SecureData provide professional data recovery services, digital forensics, data recovery software and FIPS 140-2 Level 3 Validated hardware encrypted drives.

ShieldApps

ShieldApps

ShieldApps comprehensive suite of products is designed to protect your personal devices from privacy threats, including hacking attempts, online tracking, fingerprinting, phishing, malware, and more.

SCS Technology Solutions

SCS Technology Solutions

SCS Technology Solutions has become the preferred partner for top performing organisations across Lincolnshire for IT support and consultancy.

Vault Cloud

Vault Cloud

Vault Cloud, Australia's National Cloud, is an Australian owned and operated company specialising in secure, sovereign, hyperscale cloud infrastructure.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.

Cyber Dagger

Cyber Dagger

Cyber Dagger is a cybersecurity company driven by a mission to protect digital infrastructures and close the cybersecurity skills gap.