LastPass, the password manager, was breached for the second time
The company is designed to control threat actors from reaching customer data or encrypted passwords
Password manager LastPass disclosed that they are investigating a security issue in the wake of the second theft of its servers this year.
LastPass CEO Karim Toubba said an ‘unauthorised entity’ recently obtained access to some user data stored in a third-party cloud service utilised by LastPass and its parent company, GoTo. Toubba said that information stolen from LastPass’ systems in August was used by an unauthorised party which the company has already acknowledged.
The cloud provider wasn’t mentioned, but Amazon Web Services mentioned in a blog post that the company’s migration of a billion customer records to Amazon’s cloud was in the billions.
Toubba said they are trying to understand the nature of the problem and they are looking for the specific information they need.
GoTo, formerly LogMeIn, purchased LastPass in 2015, they responded saying they are looking into the situation. It’s unknown whether LogMeIn and GoTo users are impacted by the hack.
LastPass said in August that an unauthorised party gained access to aspects of their development environment through a single hacked developer account and stole portions of source code and certain confidential technical knowledge.
According to LastPass, whose system architecture and security was used, the threat actor was prevented from accessing any client data or encrypted password vaults.
Toubba’s last blog post from last Wednesday said customer’s passwords are safe and encrypted.
