LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident in August 2022.
The company added that once inside, the threat actors also managed to access customer data stored in the compromised storage service.
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by LastPass and its subsidiary, GoTo,” the company said.
“We have determined that an unauthorized party, using information obtained during the August 2022 incident, was able to access certain elements of our customers’ information.”
LastPass said it hired security firm Mandiant to investigate the incident and notify law enforcement of the attack.
The company also noted that customer passwords were not compromised and “stay securely encrypted thanks to LastPass’ Zero Knowledge architecture.”
“We are working diligently to understand the scope of the incident and identify the specific information that was accessed,” LastPass added.
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by LastPass and its affiliate GoTo. Customer passwords stay securely encrypted with LastPass’ Zero Knowledge architecture. More information: https://t.co/xk2vKa7icq pic.twitter.com/ynuGVwiZcK
—LastPass (@LastPass) November 30, 2022
Breached twice in one year
This is the second security incident LastPass has disclosed this year, after it confirmed in August that the company’s development environment was hacked through a compromised developer account.
The notice was published days after BleepingComputer contacted the company and received no response to questions about a possible breach.
In emails sent to customers at the time, LastPass confirmed that attackers had stolen source code and proprietary technical information from its systems.
In a later update, the company revealed that the attackers behind the August security breach maintained internal access to its systems for four days until they were kicked out.
LastPass makes one of the most popular password managers, and claims it is used by over 33 million people and 100,000 businesses.