The password manager has experienced yet another hack, according to LastPass CEO Karim Toubba. In a third-party cloud storage service that it shares with its parent company GoTo, which was formerly known as LogMeIn, Toubba claimed the business discovered some odd activities. LastPass and security company Mandiant have joined forces to look into the situation. Together, they came to the conclusion that the unauthorized entity gained access to LastPass’ cloud service by exploiting data from the security incident it experienced in August of this year. They’ve also found that the malicious party had access to “some parts” of its customers’ information.
You might remember that LastPass was compromised back in August, and Toubba later acknowledged that the unauthorized party had internal access to the company’s infrastructure for four days. The password manager’s source code and certain technical details were stolen, but according to LastPass, customer data and encrypted password vaults were unaffected. It appears that the hacker’s access was restricted to the service’s testing grounds. Although this time certain user information was accessible to unauthorized parties, LastPass claimed that users’ passwords were still securely protected.
GoTo, a provider of solutions for remote work and collaboration, acknowledged the intrusion of malicious actors into its development environment in a separate notice. Like LastPass, the business has informed clients that despite the intrusion, all of its products and services are completely operational. We’ll probably get more information in the upcoming months because the password manager and its parent firm are still looking into the event to determine its extent.