The LastPass security breach that occurred last August allowed attackers to access customer data, the password-management company says. It had previously said that no data had been compromised.
LogMeIn, owner of LastPass, points out that customer passwords are not among the exposed information, as the company uses end-to-end encryption so that only the subscriber has the decryption key.
How does LastPass work?
LastPass is a password manager that competes with 1Password. With these tools, all your passwords are stored encrypted, and you can log in to any website using a single master password to unlock your vault. The vault can be unlocked for the day on all your devices so that you can use it seamlessly.
The company has confirmed a security breach reported in August. An attacker gained access to the company’s development environment and was able to access source code and other technical data. LogMeIn said at the time that there was no access to customer data or the production environment. However, today’s report reveals that customer data was eventually exposed.
The LastPass Security Flaw
LogMeIn backtracks and explains that while the initial attack did not gain access to customer data, the information obtained at that time was later used to do so.
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by LastPass and its affiliate, GoTo. We immediately launched an investigation, hired Mandiant, a leading security company, and alerted law enforcement.
We have determined that an unauthorized party, using information obtained during the August 20, 2022 incident, was able to access certain pieces of our customer information. Our customers’ passwords remain securely encrypted thanks to LastPass’ “Zero Knowledge” architecture.
Company CEO Karim Toubba says the company is still working to determine the scope of the attack and identify specific customer data that was accessed. Customers will certainly be contacted following the investigations.
The company drew users’ attention to its security recommendations for using LastPass. The most important of these is, of course, to make sure that you use a unique and very strong password to protect your vault. That is only logical.
Every data breach reminds us that information security is important, especially since this is a password manager that holds the keys to your entire digital life. This should give a little more credit to Apple, which has a similar integrated service with iCloud Keychain. The latter has not (yet) been compromised…