Security News

LastPass Security Breach
2022-12-02 12:09

The company was hacked, and customer information accessed. No passwords were compromised.

Intruders gain access to user data in LastPass incident
2022-12-01 13:30

Intruders broke into a third-party cloud storage service LastPass shares with affiliate company GoTo and gained access to "Certain elements" of customers' information, the pair have confirmed. LastPass did not define what it meant by "Certain elements," saying it was unsure what data was looked at: "We are working diligently to understand the scope of the incident and identify what specific information has been accessed this morning."

LastPass, GoTo announce security incident
2022-12-01 09:35

LastPass and its affiliate GoTo have announced that they suffered a security incident and, in LastPass' case, a possible data breach. "Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service," GoTo CEO Paddy Srinivasan noted, and explained that the third-party cloud storage service in question is shared by GoTo, a cloud-baser SaaS provider of remote work collaboration and IT management tools, and LastPass, the company behind the popular password manager of the same name.

LastPass Suffers Another Security Breach; Exposed Some Customers Information
2022-12-01 09:35

Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said.

LastPass Suffers Another Security Breach; Exposed Some Customers Information
2022-12-01 09:35

Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said.

Lastpass says hackers accessed customer data in new breach
2022-11-30 21:24

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.

S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]
2022-09-22 18:42

DUCK. Yes, Uber has come out with a follow up report, and it seems that they're suggesting that a hacking group like LAPSUS$ was responsible. Just because you have those that's a security gate, but it's not the end-all and be-all to keeping someone out.

LastPass source code breach – incident response report released
2022-09-19 18:59

The big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass network, but was able to make off with the company's proprietary source code. LastPass has now published an official follow-up report on the incident, based on what it has been able to figure out about the attack and the attackers in the aftermath of the intrusion.

Hackers Had Access to LastPass's Development Systems for Four Days
2022-09-17 02:47

Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "There is no evidence that this incident involved any access to customer data or encrypted password vaults."

LastPass says hackers had internal access for four days
2022-09-16 19:30

LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. While method through which the attacker was able to compromise a Lastpass developer's endpoint to access the Development environment, the investigation found that the threat actor was able to impersonate the developer after he "Had successfully authenticated using multi-factor authentication."