Has the LastPass login been affected by the breach? We dive into the online account information and analyze what is known.
After its system was hacked again, password manager LastPass said they were investigating the issue.
Last month, the chief exec of LastPass said that hackers stole customer data from his firm’s servers in August. He said the hackers then tried to use the data for fraudulent purposes.
Toubba didn’t specify exactly which customer info was stolen, but he says they’re trying to figure out “what specific” information was breached.
GoTo, which acquired LogMeIn in 2015, said in an equally vague statement that it was looking into the issue. So far, it isn’t clear whether the hack affected LogMeIn and GOto customers.
LastPass announced in August that an unauthorized third party had access to parts of their internal systems. However, they say they prevented intruders from gaining access to user accounts or encrypted passwords.
LastPass Login Seems Unaffected; Passwords Remain Encrypted.
Goto spokesperson Elizabeth Bassler declined to comment beyond LastPass’ blog posting.
Once inside, the attackers could access customer data from the breached cloud service.
“We recently discovered some suspicious activity related to our cloud services.”
“We’ve concluded that someone gained unauthorized entry into our systems in August 2022 and used that information to steal some customer records.”
LastPass has reported that it hired security company Mandiant to investigate the breach and notified authorities of the hack.
It was also mentioned that customer accounts were not breached, and their password remains safe because of LastPass’s Zero Knowledge Architecture. However, they are investigating an issue where a third party potentially compromised some user data.
This is the second major security breach at LastPass since announcing in August that its development environment had been hacked through a weakly configured password for one of its developers.
The advisory was published days after a researcher contacted them for comment and received no response.
LastPass has confirmed that hackers stole source code and proprietary technical info from its systems.
A subsequent report indicated that the hackers who broke into the company had maintained internal access to its system for up to four days before they were forced out by IT staff.
LastPass claims that it has been downloaded by more than 33 million individuals and 100,000 companies.