what you need to know
- LastPass CEO Karim Toubba provides an update on his August 2022 security breach.
- Further investigation of the attack revealed that some customer data was indeed compromised.
- LastPass is still working to determine the scope of the incident and what exact portions of user data were accessed by the attack.
Password manager LastPass is now notifying its users of a new breach that appears to have given attackers access to user data.
According to an updated notice (opens in new tab) from LastPass, further insight into the most recent August 2022 security incident has indeed revealed that customer data was affected (via 9to5Mac).
Karim Toubba, CEO of LastPass, stated in the update, “We have determined that information obtained in August 2022 allowed an unauthorized party to gain access to certain elements of our customers’ information. Our customers’ passwords remain securely encrypted due to LastPass’ zero-knowledge architecture.”
Now that we’re in December, the LastPass CEO explains that the company is still working to determine the scope of the incident and which pieces of customer data were accessed.
During the August attack, LastPass said an attacker was able to gain access to its source code and other technical data. As reported by 9to5Mac, the company’s owner, LogMeIn, stated that no customer data was compromised during the attack, which turned out not to be the case with this latest update.
Unfortunately, this isn’t the first time an attack on LastPass and the information it contains has been attempted. In late 2021, many LastPass customers were sent an alert about an unauthorized login to their account. Many of these alerts were sent out in error because the hacker never really got far enough to do any damage.
Password managers can be a great tool for us in our digital worlds, and if you’re still using LastPass despite the controversy over going a bit more restrictive, there are some security precautions you can take.
LastPass encourages customers to set up a strong Master Password while validating LastPass Authenticator and Multi-Factor Authentication to strengthen protection against potential attackers on the service and your data.