The LastPass app is considered the most popular password manager, boast over 30 million users worldwide, has been hacked for the second time in three months.
The first one happened quite recently, at the end of the summer of 2022 when the hackers managed to steal the technical information of the service and part of its source code through a compromised account of one of the project developers.
The head of the company, Karim Tubba, announced that an unauthorized party got access to some user data. He did not disclose the full extent of this leak and the nature of the leaked data that the hackers could take possession of.
Representatives of the company noted that the attackers managed to gain access to the cloud storage. Surprisingly, the attackers utilized data from the August cyber incident to gain access. LastPass also emphasized that cybercriminals were able to access customer data that was in compromised storage.
However, the passwords should not be affected. LastPass noted that customer passwords have not been compromised and remain securely encrypted, thanks to LastPass’s Zero Knowledge architecture. However, this zero-knowledge architecture does not seem to apply comprehensively, as the data leak shows.
The event was reported to law enforcement, and the corporation engaged the cybersecurity firm Mandiant to investigate it. However, LastPass has admitted that it is not currently aware of the scale of the incident and is investigating what information was stolen during the attack.
The company promised to investigate the reasons for the hacking in as much detail as possible, identify the perpetrators and provide additional information.
