Password manager LastPass announced on Wednesday that it suffered its second data breach in three months.
CEO Karim Toubba said the company recently detected unusual activity within a third-party cloud storage service shared by LastPass and its affiliate GoTo.
He said an investigation was immediately launched into the incident by security firm Mandiant and law enforcement was alerted.
“We have determined that an unauthorized party, using information obtained during the August 2022 incident, was able to access certain elements of our customers’ information. Our customers’ passwords remain securely encrypted through LastPass Zero Knowledge Architecture,” Toubba said.
CALIFORNIA DOJ RELEASED GUN DATA ACCIDENTALLY, SHOWING ‘BAD JUDGMENT’ IN WINNING RESPONSE, REVIEW FINDS
LastPass makes every effort to identify the specific information that was accessed and the extent of the incident.
Products and services remain fully functional, and LastPass said it continues to deploy enhanced security measures and monitoring capabilities across its infrastructure.
Toubba said more updates will be provided as LastPass learns more details.
LEGISLATIVES CONCERNED BY CHINESE DRONES IN RESTRICTED SPACES AROUND THE CAPITOL
In August, LastPass said an unauthorized party gained access to parts of the LastPass development environment through a single compromised developer account and took portions of source code and certain proprietary technical information from LastPass.
Following an investigation, Toubba said in September that the threat actor’s activity had been limited to a period of four days and confirmed that there was no evidence that this incident involved a access to customer data or encrypted password vaults.
CLICK HERE TO GET THE FOX NEWS APP
“We recognize that security incidents of any kind are troubling, but we want to assure you that your personal data and passwords are safe in our care,” he said at the time.