Password Manager LastPass Gets Hacked

A hacker penetrated the software development environment at LastPass in August, stealing source code and other proprietary data. Now, the password management firm has disclosed it has been attacked again.

CEO Karim Toubba has confirmed that the password manager has been breached for a second time. 

LastPass is behind one of the world's most popular password management software, claiming that it's being used by more than 33 million people and 100,000 businesses.

Toubba said the company detected an unusual activity inside a third-party cloud storage service that it shares with its parent company GoTo, previously known as LogMeIn. Once in, the hackers managed to get access to customer data stored in the compromised storage service.

LastPass did not disclose what kind of customer data the attacker might have accessed but maintained that its products and services remained fully functional. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass has said. "We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement...  We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional”, said the firm’s blog.

LastPass has suffered hacks of its service in previous years, with notable incidents in 2015 when there was unauthorised access of user account email addresses, password reminders, and authentication hashes. Right now, it is unclear if the apparent breach of GoTo's development environment is related to the August intrusion at LastPass, or if the two incidents are entirely separate. 

LastPass:        Dark Reading:     Gizmodo:    Bleeoing Computer:     Endgadget:     Reseller

You Might Also Read:

How Poor Password Hygiene Could Unravel Your Business:

 

« What Should CISO’s Look Out For In 2023?
Proactive Security Tips For Your Business After A Security Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Prewen

Prewen

Prewen provide solutions to protect sensitive data across the organisation.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

Commonwealth Cybercrime Initiative (CCI)

Commonwealth Cybercrime Initiative (CCI)

The CCI unites 35 international organisations contributing to multidisciplinary programmes in Commonwealth countries. These organisations form the CCI Consortium.

Greenwave Systems

Greenwave Systems

Greenwave's AXON Platform enables IoT and M2M network service providers to address security, interoperability, flexibility and scalability from a single IoT platform.

Gradcracker

Gradcracker

Gradcracker is THE careers website for Science, Technology (including Cybersecurity), Engineering and Maths university students in the UK.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Network Center Inc (NCI)

Network Center Inc (NCI)

NCI is one of the largest IT solution providers in the Midwest. We specialize in industry specific technology solutions, service, support, and expertise for small to enterprise businesses.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

AnyTech365

AnyTech365

AnyTech365 is a leading European IT Security and Support company helping end users and small businesses have a worry-free experience with all things tech.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.