Date: 2022-12-01

Leading password manager LastPass and its affiliate, communications software provider GoTo, have revealed that they suffered a breach of their cloud storage infrastructure following a cyber-attack in August 2022.

Regarding the ongoing incident, the company admits that it recently detected “unusual activity” within a third-party cloud storage service used by both LastPass and GoTo.

The results of the LastPass investigation, signed by LastPass CEO Karim Toubba and involving Mandiant security experts, showed that someone used the credentials leaked in the incident to access “certain elements” of customer information from LastPass.

Passwords are safe

Toubba did not go into further details about the type of data accessed, but he did say that user passwords were left untouched.

“Our customers’ passwords remain securely encrypted thanks to LastPass’ Zero Knowledge architecture,” he said.

“While our investigation is ongoing, we have reached a state of containment, implemented additional enhanced security measures and see no further evidence of unauthorized activity.”

As one of the most popular business password managers and generators, with over 100,000 businesses relying on it every day, LastPass is no stranger to data breaches by cybercriminals.

TechRadar Pro has previously reported that the company confirmed in late September 2022 that the threat actor responsible for the original breach in August had been lurking in its network for days before being evicted.

However, the threat actor was unable to access internal customer data or encrypted password vaults at the time. LastPass claims that the latest development hasn’t changed that, because of its Zero Knowledge architecture.

“While the threat actor had access to the development environment, our system design and controls prevented the threat actor from accessing customer data or encrypted password vaults,” Toubba said at the time.

The attacker apparently accessed the company’s development environment through a developer’s compromised endpoint.

The investigation and forensics failed to determine the exact method used for the initial endpoint breach. Toubba did say that the attackers used their persistent access to impersonate the developer once the developer had successfully authenticated with multi-factor authentication.