LastPass was Hacked, but your Passwords are Safe
LastPass, one of the most popular password management software solutions, has been breached. “Elements of our customers’ information” were compromised by hackers in the second of two recent security breaches suffered by the password service.
The two breaches appear to be directly linked, as a developer with the company said that customer info was accessed “using information obtained in the August 2022 incident.” The “information” that was obtained in August included elements of LastPass’s source code, which lead to threat actors being able to steal private information in this most recent attack.
The breach was detected when LastPass found “unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo.”
Although some private information was obtained by the malicious attack, LastPass says that no password information was stolen. According to the company, password information remains safe and encrypted.
LastPass implements a Zero Knowledge structure, which means that a user only has knowledge of their master password, and data stored inside their vault. This means that not even LastPass developers can access your information. Security measures like this means that hackers were unable to steal any password data.
Even though passwords are safe, this still sounds an alarm for users, as they understandably are concerned about their private data. LastPass isn’t just a location where users can store their passwords. Users also use the app to safeguard credit card information, private notes, and other data meant to be stored privately.
In this most recent attack, LastPass is working with security firm Mandiant to investigate what happened. Law enforcement have also been notified and will likely conduct an investigation of their own.
In a statement, LastPass reassured its users that “products and services remain fully functional,” and that they will post updates “as we learn more.” They also recommend that users set up and configure their accounts using the instructions on the LastPass website.
Story via Digital Trends