LastPass has issued an update on the situation following a recent data breach in the company. It is not good news for customers who use the password manager as the company confirms customer backups were stolen.
In a blog post, LastPass parent company (GoTo) CEO Paddy Srinivasan says hackers were able to target the cloud storage the firm uses and steal encrypted backups.
“Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups.”
Data that has been taken include hashed and slated passwords, usernames, some Multi-Factor Authentication (MFA) settings, product settings, and licensing information. Srinivasan points out no customer financial information was taken.
Furthermore, personal details such as Social Security numbers and addresses were also unaffected. The CEO says these details were secure because GoTo does not store this information.
“We are contacting affected customers directly to provide additional information and recommend actionable steps for them to take to further secure their accounts.”
LastPass confirmed it was the subject of a cybersecurity breach in August. Another incident was then reported in December.
In August, threat actors broke through LastPass security and were able to enter the development environment of the service. In that breach, the company lost snippets of code and technological documentation.
In December, another breach was more dangerous as it affected the data of LastPass users. The company found that attackers using data stolen in August were able to leverage the information to access customer data on the shared cloud.
Tip of the day: Windows now has a package manager similar to Linux called “Winget”. In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.