Dec 05 – The password management platform known as LastPass has suffered its second data breach in three months. Both breaches appear to have been initiated by the same set of cyber criminals. The latest breach is worse than researchers initially believed…
According to the company, an “unauthorized party” compromised LastPass systems on Wednesday, November 30th, and gained access to some customer data. At the time of the breach, the data was stored in a third-party cloud service shared by both LastPass and LastPass parent company, GoTo.
Despite the breach, CEO of LastPass CEO Karim Toubba states that “customers’ passwords remain safely encrypted.”
In the previous cyber security incident, LastPass said that the cyber criminals gained access to the LastPass development environment via a developer’s compromised endpoint. In turn, this enabled the cyber criminals to steal source code and select LastPass proprietary information.
An investigation remains underway for the most recent Lastpass breach, meaning that there’s currently some haziness around what data was accessed and who it belonged to.
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” said Toubba. “In the meantime, we can confirm that LastPass products and services remain fully functional.”
For more on password management, please see CyberTalk.org’s past coverage. Lastly, to receive cutting-edge cyber security news, exclusive interviews, more expert analyses and leading security resources, please sign up for the CyberTalk.org newsletter.