The data of password management provider LastPass has been breached for the second time this year, using credentials obtained during the previous incident, said chief executive Karim Toubba
Toubba informed customers in a blog post that an “unauthorised party” breached a third-party cloud service shared by LastPass and its parent company GoTo, using data stolen from the password manager’s network in August, reported TechCrunch.
Source code and proprietary technical assets were taken by a threat actor to said third-party storage service, an investigation has determined.
However, the LastPass chief went on to state that customer data remains secure, with the company’s security preventing access to credentials and maintaining encryption of passwords.
Additionally, it was said that LastPass has no access to customer passwords, meaning that only users can decrypt credentials stored.
Following this latest breach, Toubba said LastPass is looking to “understand the scope of the incident and identify what specific information has been accessed”.
He added: “In the meantime, we can confirm that LastPass products and services remain fully functional.”
Going forward, Toubba announced further measures and monitoring to ensure that further malicious activity can be detected.
LastPass, and its parent company GoTo, have declined to comment beyond the blog post.
Currently, LastPass has over 85,000 business customers utilising its password management services.
Related:
Top 10 most disastrous cyber hacks of the 2020s so far — This article takes a look at the top 10 most disastrous cyber hacks carried out on organisations in this decade, so far.
Establishing a strong information security policy — There are several considerations for companies creating an information security policy. So, how can organisations ensure they have a strong policy in place which reflects the needs of the business?