Last Pass Suffers Second Data Breach in 5 Months

LastPass suffers second data breach in 5 months

Password management app Last Pass has announced hackers have breached its cloud storage containing customer data.

This is the second time the company has been targeted in five months, after a similar breach in August.

Cyber attackers gained access to the company’s developer environment using a hacked developer account, stealing source code and technical information that allowed them to access customer data from the most recent breach.

LastPass still maintain that passwords remain safe after both attacks.

“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” LastPass chief executive officer Karim Toubba said.

“We have determined that an unauthorised party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”

With over 33 million users and 100,000 businesses, the company says it is one the most popular password management systems on the market.

LastPass announced that an investigation has been immediately launched, alerting law enforcement and engaging leading security firm Mandiant.

If LastPass changes its position or releases further information on the matter we will share it here.

If you have any questions or wish to know more about this incident, please contact us below.

Contact