Password management company LastPass has suffered it’s second data breach in five months, after attackers gained access to customer data using information they had stolen from the previous breach in August 2022.
LastPass Data Breach Statement
LastPass CEO, Karim Toubba, stated on the LastPass blog that they had “recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.
We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”
Passwords Remain Safe
LastPass is one of the most popular password management systems on the market, saying that it is used by over 33 million people and 100,000 businesses. A password manager such as LastPass allows individuals and businesses to save and manage all their passwords from one safe space. All they have to remember is their master password that unlocks their password manager.
LastPass has maintained that despite the hack, customer passwords remain safe.
If you are concerned about your password management system, or the LastPass data breach, please get in touch for a confidential chat.
Author: Lisa Seltzer, Agilient Consultant