Business, Security

LastPass says a new product launch brought down its platform

Brendyn Lotz

8th March 2024

Oft breached password manager LastPass experienced unexpected downtime on Thursday.
Users were unable to log into the platform for less than an hour.
The downtime was reportedly caused by a product release that was eventually rolled back when problems were discovered.

On Thursday afternoon, LastPass users were unable to access their vault of passwords.

Thankfully the outage only lasted for less than an hour, but during that time all users were told upon trying to log in that “An unknown error occurred”. Also concerning was the fact that the LastPass Status page didn’t report a problem.

The inability to access LastPass was, as it turns out, caused by an internal issue at LastPass.

“Earlier this morning, LastPass.com experienced an outage that lasted for less than 30 minutes. Our engineering team was alerted to the site being down, began investigating immediately, and identified a product release that caused the outage. The team reverted the product release, resolving the issue, allowing LastPass customers to access the application successfully again. As part of our investigation, we found an error in our release processes and have updated them accordingly,” LastPass told 9 to 5 Mac.

What exactly that product release was is unclear but given that’s release negatively affected seemingly every LastPass user, it obviously needed some more time in the oven.

While downtime isn’t uncommon for online platforms, even Meta is prone to the odd break in transmission, when it comes to LastPass an outage is mighty concerning.

This is because the platform has been breached on more than one occasion. The most recent of these breaches was in December 2023.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo (which owns the password manager). We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” the company noted in a blog post at the time.

This was LastPass’ second breach in 2023 with the first taking place in August.

While no customer data has been compromised in last year’s breaches, the fact that the platform keeps being compromised by attackers is very concerning. We’re sure Thursday’s outage hasn’t earned LastPass new fans and we suspect that some may start exploring their options as far as password managers go.

For many, ourselves included, password managers are the best way to keep track of the hundreds of passwords we have for the online platforms we use. Unfortunately, if an attacker manages to compromise your password manager’s master password they have the literal keys to your online kingdom.

Good password managers don’t store that master password. You can read more about how LastPass protects master passwords here.

About Author

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.