The Goa Spotlight Just another WordPress site
LastPass password manager suffered a new hack attack this week. LastPass disclosed what happened last Wednesday, in a publication on its official website. In August, the company was the victim of another attack in which part of its source code was stolen.
Now, the company has revealed that information from the August leak was used to steal user data. LastPass ensures that passwords remain secure due to the encryption of its Zero Knowledge architecture.
LastPass suffers invasion of its cloud storage
In the press release, LastPass explained that it detected an “unusual activity” in the cloud storage service – contracted from another company. The company did not disclose the date of the incident.
After detecting the problem, LastPass launched an investigation, alerted authorities and hired Mandiant, a cybersecurity company. The result is that the invasion took place by hackers who used the data from the August leak.
LastPass does not cite what personal customer information the cybercriminals had access to — or whether all or just a portion of customers were affected. However, in the statement written by CEO Karim Toubba, LastPass informs that it is working to understand what information was accessed and the scope of the attack.
As disclosed by TechCrunch, the cloud service used by LastPass is AWS. In 2020, the Amazon subsidiary disclosed on its website that GoTo, owner of LastPass, contracted AWS services. LastPass is used by over 33 million people and over 100,000 businesses.
Leak in August compromised source code
In August, also in a statement written by Karim Toubba, LastPass revealed that its development environment was invaded. The perpetrator (or perpetrators) of the hack stole parts of the source code and technical information owned by LastPass.
At the time of the incident, the company reported that the personal data of customers had not been accessed. LastPass also disclosed that it carried out all containment and mitigation measures for the attack.
With information: BleepingComputer and TechCrunch
