LastPass has suffered another security incident, just two months after an earlier one. The company’s CEO, Karim Toubba, disclosed the details in a public report.
The report also confirms that some customer information was compromised in this breach. The details are discussed briefly below.
LastPass’ Latest Security Breach: All Details
According to LastPass, hackers gained access to one of the company’s storage servers, but the company has already clarified that none of its customers’ passwords have been compromised.
The server belongs to a third-party cloud storage service that LastPass shares with its affiliate GoTo, which means it holds data from both companies in one place.
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. Customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. More info: https://t.co/xk2vKa7icq pic.twitter.com/ynuGVwiZcK
— LastPass (@LastPass) November 30, 2022
There is currently no confirmation of what kind of data the hackers stole, but the company’s CEO has noted that the threat actor accessed some customer information.
Because the company holds its customers’ passwords, it is well aware of the need to avoid any risk to them.
That’s why it stores customers’ passwords on an unknown server that only the customers themselves can log in to, so the passwords are safely encrypted. The company calls this technology LastPass’s Zero Knowledge.
As Karim noted, this breach is connected to the earlier breach the company suffered in August: the hacker was able to get into the server using information stolen in that earlier breach.
To identify what kind of information has been compromised and how hackers gained access, the company has already begun a full-scale investigation of this data breach.
The investigation will be carried out by the cybersecurity firm Mandiant, which is a subsidiary of Google. The company has also notified law enforcement.