Lastpass: Hackers Accessed Customer Data in New Breach

“We have found that an unauthorized party was able to access certain elements of the customer’s information using information from the August 2022 incident.”

Lastpass stated that it had hired Mandiant security firm to investigate the incident, and informed law enforcement about the attack.

LastPass’ Zero Knowledge architecture ensures that passwords are not compromised.

Lastpass stated that they are trying to determine the extent of the incident and what information was accessed.

Lastpass has now disclosed this second security incident, following’s August confirmation that the company’s development environment had been compromised by a compromised developer account.

After BleepingComputer reached the company with questions about possible breaches, the advisory was published.

Lastpass sent emails to customers that confirmed the theft of source code and other proprietary technical information.

In a subsequent update, the company disclosed that the attackers responsible for the August security breach had internal access to their systems for at least four days before they were expelled.

LastPass is the creator of one of the most widely used password management software and claims that it’s being used by more than 33,000,000 people and 100,000 companies.