Earlier this year, Lastpass suffered an attack. According to the data provided by Karim Toubba, the company's CEO, only some proprietary technical information and parts of source code were leaked without any harm to sensitive information. We posted available information about the incident and its investigation in our blog posts. Last week Karim reported one more incident in the blog post.
According to the provided information, this time attacker gained access to a third-party cloud storage service shared by LastPass and affiliated company GoTo (formerly known as LogMeIn) - a renowned provider of cloud-based remote work tools. The attack was committed using information collected back in August. This time the intruder managed to access some of the customers’ information.
According to the information published in the LastPass blog, the company immediately started an investigation involving Mandiant, a well-known security company, and reported the incident to law enforcement. The company insists that the passwords are still protected because of its Zero Knowledge architecture.
In addition, LastPass continues working on increasing monitoring and security measures and promises to provide updates once more information is available.
Image Credit: Photo by Sasun Bughdaryan on Unsplash