Password manager LastPass has been hacked. Unknown hackers hijacked the company’s cloud storage and stole customer information. The captured customer data comes from the compromised storage service.
The attackers managed to access stored customer data , LastPass explained. “We have recently identified unusual activity within a third-party cloud storage service currently shared by both and its subsidiary GoTo,” the company said. LastPass CEO Karim Toubba assures that users’ stored passwords “were securely encrypted at all times”. However, Toubba did not reveal what exact information the hackers saw. “We are working diligently to understand the scope of the incident and determine what specific information was accessed,” Lastpass said.
HACKER ATTACK – SECOND ATTACK IN SIX MONTHS
The password manager LastPass has now been hacked for the second time in six months. According to LastPass boss Toubba, the hackers are using information they stole during the first cyber attack in August 2022. In order to get the data, the attackers compromised a developer account. According to Computerbild, they stole parts of the source code used and technical information. In a later update, the company revealed that the hackers had internal access to their systems for over four days. At that time, immediate measures should have been taken to contain further damage and avoid worse attacks. Unsuccessful, as has now been shown.
SECURITY MEASURES FOR FURTHER ATTACKS
Just last winter , hackers tried to steal passwords for user vaults. According to a statement from the company to Appleinsider magazine , the vault contents were also secured if users used a master password. In June, Stiftung Warentest confirmed that LastPass was secure. The handling is a bit complicated and the foundation found clear deficiencies in the data protection declaration. LastPass only achieved a satisfactory overall result.
In the event of another hacking attack, LastPass CEO Toubba announced that he would increase security measures and monitoring capabilities “throughout the infrastructure” “to detect and prevent further malicious activity”. At the same time, the company intends to provide regular updates on the ongoing investigations. The password manager is behind one of the most well-known password management systems and claims that it is used by around 33 million people and 100,000 companies.