LastPass says threat actors using information stolen in a previous attack have been able to access “certain elements” of customer data.
It has been three months since LastPass confirmed it was the subject of a cybersecurity breach. Since that August revelation, the password management firm has been trying to build bridges with its customers. However, the company has now suffered another incident and hackers have been able to access customer data.
In August, threat actors broke through LastPass security and were able to enter the development environment of the service. In that breach, the company lost snippets of code and technological documentation. Even so, customer information remained secure.
However, this latest attack is worse because customers are now directly affected. In a security incident note, LastPass confirms the lapse.
CEO Karim Toubba says that the company’s security team found unusual activity coming from a third-party cloud storage provider. This provider is used by both LastPass and its affiliate GoTo.
Investigating further, the company found that attackers were able to use information stolen in August to access customer data held with the shared cloud storage provider. LastPass says it has disclosed the issue to law enforcement and is also working with cybersecurity research firm Mandiant.
The company says “certain elements” of customer data were accessed, although LastPass insists that no passwords were breached. That should mean the most important customer data remains encrypted.
It is worth remembering details are scarce and the investigation is ongoing. LastPass services remain running and functional. The company is simply warning customers to follow best practices. As this is a fluid situation, it may take a few updates from LastPass before we know exactly what has been happening.