“We recently detected unusual activity in a third-party cloud storage service shared by both LastPass and its subsidiary GoTo,” LastPass CEO Karim Toubba said in a statement. We immediately started an investigation. We commissioned Mandiant, the leading cybersecurity firm, and notified law enforcement.” made a statement.
User information exposed
Passwords are safe
LastPass emphasizes that users’ passwords remain secure thanks to its Zero Knowledge architecture. Thanks to this architecture, only the user can see the passwords and the encryption process takes place at the device level. For this reason, LastPass does not make any recommendations for its users to change their passwords.
LastPass hacked twice in one year
LastPass, on the other hand, reported a browser extension-based vulnerability in 2017. The company also announced in 2019 that they closed a security vulnerability where users’ login information could be stolen. In this year’s attack, LastPass’ source code and some technical information were stolen.
If you are a LastPass user who is concerned about these events, we recommend that you enable two-step verification and renew your passwords periodically to protect your account. On the other hand, if any service you receive service has a two-step verification feature, we recommend that you take care to use it.