UPDATED 19:51 EST / DECEMBER 01 2022

SECURITY

Latest LastPass data breach involves hacker gaining access to third-party cloud storage

Password manager LastPass US LP has suffered another data breach, as a hacker gained access to a third-party cloud storage service used by the company and its affiliate GoTo Technologies USA Inc.

The data breach was a direct result of a previous breach reported by LastPass in August. Those behind the first hack used data obtained in the hack to gain access to the unnamed cloud provider and customer information. The exact data accessed was not detailed by LastPass, but the company did say that customer passwords were not accessed and remained safely encrypted.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” LastPass said in an email to customers. “In the meantime, we can confirm that LastPass products and services remain fully functional.”

Although the email to customers starts with mentioning that the company has a “commitment to transparency,” and then going public with the details its has is always positive, yet another incident is not a good look for the company many rely on to secure their passwords.

LastPass has a growing list of hacks and security incidents. Along with the now two this year, the company’s history of being hacked goes back to 2015, followed by security issues in 2017 and 2019. In December last year, LastPass users reported attempted logins using their master passwords, although the attack was attributed to credential-stuffing. In January, LastPass admitted it had suffered an outage it first denied that was caused by a bug.

“It’s concerning to hear that LastPass has experienced another security incident following a previous one that was made public back in August,” Chris Vaughan, vice president of technical account management, EME at cybersecurity and systems management company Tanium Inc., told SiliconANGLE. “The attack involved source code and technical information being taken from unauthorized access to a third-party storage service the company was using.”

Password managers are a challenging but attractive target for threat actors, he explained. “They can potentially unlock a treasure trove of access to accounts and sensitive customer data in an instant if they are breached, ” he said. “However, I believe that the benefits of using a secure password management solution often far outweigh the risks of a potential breach. When layered with the other security recommendations, it’s still one of the best solutions to prevent credential theft and associated attacks.”

Image: LastPass

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU