The service is used by more than 33 million people worldwide. The new successful attack on the company’s servers was reportedly the result of a previous attack by hackers in August 2022 – they used data obtained at that time.

what is known

During the summer, unknown hackers gained access to the development environment by hacking the account of one of the employees. While LastPass said it found no evidence of any compromise of customer data and encrypted password stores, it confirmed that attackers were able to steal parts of the source code and “private technical information.” The attackers remained undetected on the company’s network for four days.

Now, LastPass reps have declared reconciliation and this time it also affected customer data.

We recently discovered unusual activity in a third-party cloud storage service currently used by both LastPass and its affiliate GoTo. Using information obtained as a result of an incident that occurred in August 2022, we determined that an unauthorized person had access to certain elements of our customers’ information,
– says the company.

Information security company Mandiant has already been involved in the investigation, and law enforcement has also been briefed about the attack.

It is not yet known what information the hackers had access to and how long they had been on the network.