LastPass Has Revealed Yet Another Security Breach

The CEO of LastPass, Karim Toubba, has revealed that the leading password manager has suffered another serious data breach. Toubba said that LastPass engineers detected unusual activity from a third-party cloud storage service in August 2022 — a service shared with parent company GoTo, which readers may remember by its former name of LogMeIn.

Security firm Mandiant was hired to investigate the suspicious incident, and together, they uncovered that the unauthorized person(s) gained access to LastPass cloud services using information obtained from a previous security breach in August of this year. The latest incident is thought to be rather serious, giving the criminal party access to “certain elements” of customer information.

When the password manager’s systems were breached back in August, Toubba says that after an investigation, the unauthorized party was found to have had internal access to LastPass systems for four days. The hacker was able to steal source code and some technical information, but security engineers said customer data and password vaults remained safe.

Also Read: WhatsApp Hacker Is Selling Over 150 Million MENA Numbers

In a separate but related announcement, parent company GoTo has admitted that hackers gained entry into its own development environment of remote work tools. Echoing the statement from LastPass, GoTo has assured customers that its services are functioning fine despite the data breach. Both LastPass and its parent company are still investigating the scope of the incidents, and we’ll likely hear more details over the coming months.