By Julia Musto
Published December 01, 2022
Fox News
Password manager LastPass announced Wednesday it had suffered its second data breach in three months.
CEO Karim Toubba said the company recently detected unusual activity within a third-party cloud storage service that is shared by LastPass and affiliate GoTo.
He said an investigation was immediately launched into the incident by security firm Mandiant and that law enforcement had been alerted.
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” Toubba said.
LastPass is working to identify what specific information has been accessed and the scope of the incident.
Products and services remain fully functional, and LastPass said it continues to deploy enhanced security measures and monitoring capabilities across its infrastructure.
Toubba said further updates would be provided as LastPass learns more details.
In August, LastPass said an unauthorized party had gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.
Following an investigation, Toubba said in September that the threat actor’s activity had been limited to a four-day period and confirmed that there is no evidence this incident involved any access to customer data or encrypted password vaults.
“We recognize that security incidents of any sort are unsettling but want to assure you that your personal data and passwords are safe in our care,” he said then.
Why Family Offices Remain Unprepared Despite High Cyberattack Risks
A.R. Perez, Netlok, June 12, 2025 Despite facing significant cybersecurity threats, many family offi[...more]
Is Privacy Dead?
A. Perez, Netlok, 6/9/2025 Supreme Court Allows DOGE Access to Social Security Database: Privacy Imp[...more]
The Rise of Steganography Bots and AI: Strategic Analysis for 2025
Executive Summary The cybersecurity landscape has undergone a fundamental transformation as artifici[...more]
Photolok vs Recaptcha for AI Attacks
Cyber attacks are becoming more advanced and frequent as machine learning and artificial intelligenc[...more]
Understanding the Impact on MFA and SSO Implementations
Multi-factor authentication (MFA) and Single Sign-On (SSO) can often act as a vital bulwark against [...more]
Passkeys vs. Traditional Passwords in Cybersecurity
Passwords have long been the bedrock of digital security, but their limitations are increasingly evi[...more]
Understanding the Difference Between Physical and Behavioral Biometrics in Authentication
In our digital age, data security has become absolutely essential. We have more online accounts than[...more]
Human-Centered Design in Cybersecurity
Today, effective cybersecurity is more critical than ever. Organizations and individuals everywhere [...more]
How Photolok Defends Against Deepfakes: Innovative Security for the AI Era
Imagine receiving an urgent video call from your CEO. On the call, your CEO appears panicked and ask[...more]