The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date.
The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems.
The company said one of its DevOps engineers had their personal home computer hacked and infected with a keylogger as part of a sustained cyber attack that exfiltrated sensitive
LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident.
The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said.
"The
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo - on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there
The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company.
The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that includes their encrypted password vaults by using data siphoned from the earlier break-in.
Among the data stolen are "basic
Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information.
"We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said.
GoTo, formerly called LogMeIn, acquired LastPass
Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022.
"There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information.
The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen.