LastPass, GoTo announce security incident

2022-12-01 09:35

LastPass and its affiliate GoTo have announced that they suffered a security incident and, in LastPass' case, a possible data breach.

"Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service," GoTo CEO Paddy Srinivasan noted, and explained that the third-party cloud storage service in question is shared by GoTo, a cloud-baser SaaS provider of remote work collaboration and IT management tools, and LastPass, the company behind the popular password manager of the same name.

While GoTo does not mention any compromised information, LastPass CEO Karim Toubba said that their preliminary investigation has shown that "An unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information," but that the customers' passwords "Remain safely encrypted due to LastPass's Zero Knowledge architecture."

The August 2022 incident he referred to resulted in a breach and the exfiltration of portions of source code and some proprietary LastPass technical information.

As confimed by the company a month later, that previous breach did result in code-poisoning or malicious code injection, nor the theft of customer data.

LastPass is yet to share what customer information has been accessed in this latest attack.

News URL

https://www.helpnetsecurity.com/2022/12/01/lastpass-goto-breach/

#lastpass #security