advertisement
Facebook Instagram Linkedin Youtube Spotify
Search
Close this search box.
Facebook
X
LinkedIn
WhatsApp
Reddit

LastPass confirms breach, the second in the space of a year

  • In August, online password management platform LastPass said it was breached, with its development environment impacted. 
  • At the time the good news was that no customer data was compromised. 
  • Now three months later, LastPass says it was breached again, with it still investigating the incident. 

Data breaches and hacks (no, they not the same thing) being announced every other week is commonplace these days, which is why we often point to solutions like password managers to promote good cybersecurity habits. As it turns out, however, even password managers are not averse to breaches, as LastPass has confirmed that it recently suffered one, again.

This makes two in a little over three months, with a breach confirmed in August this year. That specific incident saw the LastPass developer environment affected, but importantly for customers, none of their data was compromised.

At the time of writing, we cannot say the same thing about this most recent breach, as the company is still in the process of investigating it. That said, it looks like the August breach may be linked to this latest one.

We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo (which owns the password manager). We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” the company noted in a blog post

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” it added. 

LastPass is also in the process of contacting its customers regarding the breach, with emails being sent out to all.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity. In the meantime, we can confirm that LastPass products and services remain fully functional,” the email reads.

As a general rule of thumb, when an incident like this occurs, it is best to do some spring cleaning and freshen up any old passwords or logins. We are awaiting further word of what the investigation yields and will update accordingly once LastPass shares said information.

advertisement

About Author

More
Robin-Leigh Chetty

Robin-Leigh Chetty

Editor of Hypertext. Covers smartphones, IoT, 5G, cloud computing and a few things in between. Also a keen photographer and dabbles in console games when not taking the hatchet to stories.
advertisement

Related News

TikTok may just exit the US market

SA saying “Goodbye malaria!”

Local ISPs reveal the fibre network operators they hate working with

SPEEDRUN – Nearly half of SA companies are using Gen AI

Start saving for LEGO’s May releases in South Africa

Zuckerberg warns Meta investors that profits from AI will take time

advertisement
Facebook Instagram Linkedin Youtube Spotify
Hypertext is one of South Africa’s leading technology news and reviews sites. We publish original content daily for consumers and businesses.
All original words & media by Hypertext by htxt.media are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Hypertext. Where images and material are supplied by rights holders outside of htxt.media, original publishing licences are indicated and unaffected.
Click here to suggest a story.
Click here for advertising.
© 2024. All rights reserved by HTXT.