LastPass, a startup that manages passwords, acknowledged in August that it had experienced a cybersecurity issue in which someone gained access to its development environment. Due to this, portions of its code and confidential technical papers were stolen, but client data was secure.
But the company recently experienced yet another security lapse, and this time, client data was obtained.
The firm has discovered anomalous activity in a third-party cloud storage service provider that is used by both LastPass and its subsidiary GoTo, according to LastPass CEO Karim Toubba, who updated his earlier security incident notification.
As a result, the company hired cybersecurity firm Mandiant, notified law enforcement, and started an investigation into the incident. According to what has been discovered so far, a hostile actor used details from the August hack to access “some parts” of customer data stored in a shared cloud. Customer credentials, however, continue to be secure and encrypted.
Nevertheless, this is still under investigation while LastPass evaluates the consequences of the security compromise. Although LastPass’s products and services are currently operational, users are encouraged to abide by the mentioned recommended practises.
When we will learn more about this is unknown, but it is expected given the developing nature of the case and the ongoing nature of the investigation. When we learn more about the situation, we’ll let you know.