In August, password management company LastPass confirmed it was exposed to a cybersecurity incident that accessed its development environment. This led to the theft of some of its code and its own technical documentation while keeping customer data safe. However, the company suffered another security breach, and this time customer data was accessed.
LastPass CEO Karim Tubba, in an update to his initial report of the security incident, publicly announced that the company has detected unusual activity on an unnamed third-party cloud storage provider used by both LastPass and its GoTo subsidiary.
That’s why the firm launched an investigation into the matter, simultaneously dealing with the cybersecurity firm Mandiant and alerting law enforcement. It was determined that the attacker used information from the August breach to gain access to “certain elements” of customer data in the shared cloud. However, customer passwords remain encrypted and secure.
However, this is an ongoing investigation as LastPass is assessing the impact of the breach. LastPass products and services are currently operational, but customers are encouraged to follow the best practices outlined here. It’s unclear when we’ll hear an update on this topic, but this is expected as the situation evolves and this is still an active investigation. We’ll let you know when we hear more on the subject.
Source: Port Altele
John Wilkes is a seasoned journalist and author at Div Bracket. He specializes in covering trending news across a wide range of topics, from politics to entertainment and everything in between.
