LastPass has suffered another data breach, wherein customer information was accessed. The company has assured that user passwords are not exposed to this attack.

LastPass Suffers Another Data Breach

On November 30, 2022, password manager provider LastPass announced that it had suffered a data breach in which customer data was accessed.

In a LastPass security notice, it was stated that the company "detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo." LastPass also posted on its Twitter page about the incident.

LastPass teamed up with Mandiant, an American cybersecurity company, to investigate the breach, and alerted authorities of the attack.

This November incident marks another LastPass data breach, the last of which took place in August 2022.

Data from the August LastPass Breach Was Used in its Most Recent Hack

padlock on laptop keyboard

In its investigation with Mandiant, LastPass found that the threat actors involved used information obtained from the August 2022 hack to carry out the November breach.

In the August breach, which lasted four days, the LastPass developer environment was accessed through a compromised account. As a result of this hack, source code and technical data was stolen.

Certain data harbored from this attack helped hackers to access customer data in the most recent LastPass breach, though it has not been stated what kind of data this was.

Customer Passwords Are Not at Risk

Though user data was accessed in this LastPass breach, the company has assured customers that their passwords were not exposed to the hackers responsible.

LastPass also stated in its security notice on the incident that it will "continue to deploy enhanced security measures and monitoring capabilities" across its infrastructure to both detect and prevent further activity from malicious actors. More information should be released about this breach as LastPass and Mandiant investigate further.

While password manager security breaches are concerning, this doesn't mean that this method of password storage is unsafe. If you're using a trusted and reputable password manager service, your passwords will be encrypted, and therefore made indecipherable to threat actors. Just make sure you manager you choose is vouched for and employs adequate security measures before entrusting it with your passwords.