Second Breach in Last Three Months for LastPass
December 15, 2022

LastPass, a major password manager, has suffered its second breach in the past three months by the same unknown attackers. These threat actors breached LastPass’s third-party cloud storage service, shared by its affiliate “GoTo” and using information stolen during an August 2022 security incident. Once in, they accessed LastPass customer data. LastPass said that it hired security firm Mandiant to investigate and notified law enforcement of the attack. It did announce that customers’ passwords were not compromised and “remain safely encrypted due to LastPass’s Zero Knowledge architecture.” The company had confirmed in August that its developer environment was breached by a compromised developer account during a four-day period. In emails sent to customers at the time, LastPass confirmed the attackers had stolen source code and proprietary technical information from its systems. LastPass’s password management software is used by more than 33 million people and 100,000 businesses.
Get our free daily newsletter
Subscribe for the latest news and business legal developments.
Read this next
Top 100 Litigator Sues Blue Cross Over His Cancer Treatment
In 2018, Robert Salim, 67, realized he was seriously ill. After numerous […]
Financial Industry Suing to Foil New Regulations
New rules aimed at lenders, investment funds, and other financial entities would […]
GC Must Warn Boards Of AI Risks
There are companies investing hundreds of millions of dollars or more into […]