LastPass, the popular password manager that boasts over 33 million customers and 100,000 business users, has been hacked again. Unlike last time, the company says that user data was exposed in this latest incident, but emphasizes that passwords were not captured.“We recently detected unusual activity in a third-party cloud storage service shared by both LastPass and its subsidiary GoTo,” LastPass CEO Karim Toubba said in a statement. We immediately started an investigation. We commissioned Mandiant, the leading cybersecurity firm, and notified law enforcement.” made a statement.
User information exposed
It is stated that as a result of the attack, “certain elements” of user data were accessed. However, it was not disclosed what information this data contains. It is said that the attack was carried out thanks to the information obtained from the attack in August. The attackers, who accessed the service using a compromised developer account, remained undetected for four days.Passwords are safe
LastPass emphasizes that users’ passwords remain secure thanks to its Zero Knowledge architecture. Thanks to this architecture, only the user can see the passwords and the encryption process takes place at the device level. For this reason, LastPass does not make any recommendations for its users to change their passwords.
LastPass hacked twice in one year
LastPass, on the other hand, reported a browser extension-based vulnerability in 2017. The company also announced in 2019 that they closed a security vulnerability where users’ login information could be stolen. In this year’s attack, LastPass’ source code and some technical information were stolen.
If you are a LastPass user who is concerned about these events, we recommend that you enable two-step verification and renew your passwords periodically to protect your account. On the other hand, if any service you receive service has a two-step verification feature, we recommend that you take care to use it.
32403
