LastPass Breached Again
In the week’s other cybersecurity news …
LastPass, the password management provider used by more than 33 million people around the world, has been breached again. It was last breached in August, when bad actors stole source code and proprietary technical information.
In a new blog post, Karim Toubba, LastPass’ CEO, details the latest incident.
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” he said. “We immediately launched an investigation, engaged Mandiant … and alerted law enforcement. We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’ zero knowledge architecture. We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional. As always, we recommend that you follow our best practices around setup and configuration of LastPass.”
Chris Vaughan is Tanium’s vice president of technical account management for EMEA and South Asia.
“It’s concerning to hear that LastPass has experienced another security incident following a previous one that was made public back in August,” he said. “The attack involved source code and technical information being taken from unauthorized access to a third-party storage service the company was using. The new breach is more severe because customer information has been accessed, which wasn’t the case previously. The intruder has done this by leveraging data exposed in the previous incident to gain access to the LastPass IT environment. The company says that passwords remain safely encrypted and that it is working to better understand the scope of the incident and identify exactly what data has been taken. You can bet that the IT security team is working around the clock on this, and their visibility of the network and the devices being connected to it will be severely tested. Most organizations don’t have full visibility, which can make it very difficult in the aftermath of a breach to analyze what damage has been done and where the attacker’s entry point was.”
Amit Shaked is CEO and co-founder of Laminar, a multicloud security provider.
“This incident shows that even companies that specialize in security are still learning how to best protect and monitor data residing in third-party cloud applications,” he said. “This education gap is leading to the compromise of important customer and company data. Therefore, it is essential for data and security teams across all industries to think beyond their on-premises infrastructure when asking where is our sensitive data and is it protected.”