LastPass has issued an update on the situation following a recent data breach in the company. It is not good news for customers who use the password manager as the company confirms customer backups were stolen.
In a blog post, LastPass parent company (GoTo) CEO Paddy Srinivasan says hackers were able to target the cloud storage the firm uses and steal encrypted backups.
“Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups.”
Data that has been taken include hashed and slated passwords, usernames, some Multi-Factor Authentication (MFA) settings, product settings, and licensing information. Srinivasan points out no customer financial information was taken.
Furthermore, personal details such as Social Security numbers and addresses were also unaffected. The CEO says these details were secure because GoTo does not store this information.
“We are contacting affected customers directly to provide additional information and recommend actionable steps for them to take to further secure their accounts.”
LastPass confirmed it was the subject of a cybersecurity breach in August. Another incident was then reported in December.
In August, threat actors broke through LastPass security and were able to enter the development environment of the service. In that breach, the company lost snippets of code and technological documentation.
In December, another breach was more dangerous as it affected the data of LastPass users. The company found that attackers using data stolen in August were able to leverage the information to access customer data on the shared cloud.
Data breaches have now become more rampant than they used to be. Therefore it's important to make the necessary steps to ensure your data is secure, whether for personal or business use. This is something you can achieve through different methods, such as the use of secured proxy servers to mask your networks, regular data backup, and installation of anti-virus to name a few. While no system can guarantee 100% protection against data breaches, these can help reduce the risk and give individuals and businesses greater peace of mind regarding your sensitive data.
Tip of the day: Windows now has a package manager similar to Linux called “Winget”. In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.