LastPass Confirms New Hack, Leaks Some Customer Data

Hackers’ August hack of password management provider LastPass has been used to re-compromise the company, the company’s CEO has confirmed.

“Using information obtained in the August 2022 incident, we have determined that unauthorized parties were able to access certain elements of customer information,” Karim Tuva said in a statement Wednesday.

According to Toubba, the discovery was made after the company.We have recently detected unusual activity within a third-party cloud storage service currently shared by both LastPass and its affiliates. jump.

Customer passwords remain securely encrypted, he added.

“We are working diligently to understand the scope of the incident and identify the specific information that was accessed. As always, we encourage you to follow our best practices for setting up and configuring LastPass. here”

As part of that effort, LastPass will continue to roll out enhanced security measures and monitoring capabilities across its infrastructure to help detect and prevent further threat actor activity, Toubba said.

Given the huge number of passwords protected around the world, Lastpass remains a big target, said Yoav Iellin, a senior researcher at Silverfort.

LastPass has acknowledged that the attackers used information obtained from previous intrusions to gain access, but it remains unclear what exactly this information is, he said. Iellin said it’s usually a best practice after an organization is compromised to generate new access keys and replace other compromised credentials to prevent reuse of things like cloud storage and backup access keys. I added that it is

LastPass subscribers should be aware of updates and verify that they are legitimate before taking action. If you haven’t done so already, he also says you should change your password and enable two-factor authentication for any application that uses passwords with LastPass.

In the August incident, some of the company’s source code was stolen after one of its developer accounts was hacked.

The company says it has 100,000 business customers and individual users. Together, he counts 33 million registered users, the “majority” of which are corporate customers.