Security News > 2022 > December > LastPass admits to customer data breach caused by previous breach
Back in August 2022, popular password manager company LastPass admitted to a data breach.
LastPass insisted that the developer's account hadn't given the criminals access to any customer data, or indeed to anyone's encrypted password vaults.
According to LastPass, customer passwords backed up on the company's servers never exist in decrypted form in the cloud.
According to a security bulletin dated 2022-11-30, the company was recently breached again by attackers "Using information obtained in the August 2022 incident", and this time customer data was stolen.
In other words, even if the criminals weren't able to dig around in customer records directly from the account of the developer who got infected by malware back in August, it seems that the crooks nevertheless made off with internal details that indirectly gave them, or someone to whom they sold on the data, access to customer information later on.
LastPass isn't yet giving out any information about what sort of customer data was stolen, reporting simply that it is "Working diligently to understand the scope of the incident and identify what specific information has been accessed".
News URL
Related news
- Dutch Police: ‘State actor’ likely behind recent data breach (source)
- Comcast and Truist Bank customers caught up in FBCS data breach (source)
- Internet Archive hacked, data breach impacts 31 million users (source)
- Internet Archive data breach, defacement, and DDoS: Users’ data compromised (source)
- Fidelity Investments says data breach affects over 77,000 people (source)
- Fidelity Data Breach Exposes Data of Over 77,000 Customers (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Insurance admin Landmark says data breach impacts 800,000 people (source)
- Henry Schein discloses data breach a year after ransomware attack (source)