Security News

Lastpass: Hackers stole customer vault data in cloud storage breach
2022-12-22 21:12

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. Toubba added in a new update to the original statement that Lastpass' cloud storage was accessed using "Cloud storage access key and dual storage container decryption keys" stolen from its developer environment.

Week in review: Log4Shell lingers, NIS2 directive adopted, LastPass breached (again)
2022-12-04 09:30

Pre-auth RCE in Oracle Fusion Middleware exploited in the wildA pre-authentication RCE flaw in Oracle Access Manager that has been fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog. LastPass, GoTo announce security incidentLastPass and its affiliate GoTo have announced that they suffered a security incident and, in LastPass' case, a possible data breach.

LastPass admits to customer data breach caused by previous breach
2022-12-02 19:10

Back in August 2022, popular password manager company LastPass admitted to a data breach. LastPass insisted that the developer's account hadn't given the criminals access to any customer data, or indeed to anyone's encrypted password vaults.

LastPass Security Breach
2022-12-02 12:09

The company was hacked, and customer information accessed. No passwords were compromised.

Intruders gain access to user data in LastPass incident
2022-12-01 13:30

Intruders broke into a third-party cloud storage service LastPass shares with affiliate company GoTo and gained access to "Certain elements" of customers' information, the pair have confirmed. LastPass did not define what it meant by "Certain elements," saying it was unsure what data was looked at: "We are working diligently to understand the scope of the incident and identify what specific information has been accessed this morning."

LastPass, GoTo announce security incident
2022-12-01 09:35

LastPass and its affiliate GoTo have announced that they suffered a security incident and, in LastPass' case, a possible data breach. "Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service," GoTo CEO Paddy Srinivasan noted, and explained that the third-party cloud storage service in question is shared by GoTo, a cloud-baser SaaS provider of remote work collaboration and IT management tools, and LastPass, the company behind the popular password manager of the same name.

LastPass Suffers Another Security Breach; Exposed Some Customers Information
2022-12-01 09:35

Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said.

LastPass Suffers Another Security Breach; Exposed Some Customers Information
2022-12-01 09:35

Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said.

Lastpass says hackers accessed customer data in new breach
2022-11-30 21:24

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.

S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]
2022-09-22 18:42

DUCK. Yes, Uber has come out with a follow up report, and it seems that they're suggesting that a hacking group like LAPSUS$ was responsible. Just because you have those that's a security gate, but it's not the end-all and be-all to keeping someone out.