Password manager LastPass has continued to maintain the security of its customers’ passwords despite suffering its second data breach of 2022.
The breach was discovered on November 30 after LastPass detected “unusual activity” within a third-party cloud storage solution that it uses. Following its the detection, LastPass launched an investigation into the cyber security incident and alerted the authorities.
It was determined by the password management company that the malicious actor gained access to the cloud storage solution via data obtained in an earlier breach of the company on August 25 of this year.
The hacker was able to access “certain elements” of customer information, although no passwords were stolen during the cyber security incident.
LastPass has not yet been able to confirm what data was accessed during the breach but the company has said it is “working diligently to understand the scope of the incident”.
In the wake of the cyber attack, LastPass has said it will continue to “deploy enhanced security measures and monitoring capabilities” to detect further threats to its infrastructure.
On August 25, LastPass suffered a data breach after an unauthorized third party gained access to its developer environment through a compromised developer account.
The bad actor then took “some proprietary LastPass technical information” and “portions of source code”, although no passwords, master passwords or personal data or information were compromised during the breach.
Following an investigation, LastPass confirmed that the malicious actor had access to its developer environment for four days in August, during which their unauthorized activity was detected and contained. This activity did not involve the bad actor gaining access to encrypted password vaults of customer data.
The allegations came from a cybersecurity expert and Twitter user who has since been suspended by th…
An up-to-date timeline of the Medibank data leak that saw 9.7 million people’s data stolen and custo…
Medibank is working with the Australian Federal Police to assess how customers have been affected
The Department of Justice said it was “very disappointed” in the sentencing
A full timeline of the Optus data breach and the events that followed it
Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.
Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.
Cyber Security Hub, a division of IQPC
Become a Member today!
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.