The most popular password manager has been hacked again, and user data may have fallen into the wrong hands


This is the second attack against the service this year.

When warning against weak passwords, which pose a serious security risk, we often recommend using a password manager, but unfortunately even these programs do not guarantee that we are rid of all trouble.

A prime example of this is the most popular password management platform, LastPass, which belongs to the Hungarian-founded GoTo (formerly LogMeIn) and has been put in an extremely embarrassing situation by cybercriminals for the second time in recent months.

LastPass’s systems were most recently hacked in August, when the company told the public that the unauthorized intrusion had not affected users’ data. That brings us to the current case, which the operator reported on its own blog. According to the post, “unusual activity” has been detected on a third-party cloud storage service used by LastPass and GoTo.

“We have determined that an unauthorized party was able to access certain elements of our customers’ data using information obtained during the August 2022 incident. Our customers’ passwords remained securely encrypted thanks to LastPass’s Zero Knowledge architecture.”

That is what the post says, and it shows that, albeit indirectly, customer information was ultimately accessed by way of the August attack. It is good news that the encryption of the passwords, allegedly, remained intact, but two successful attacks within a few months can deeply undermine the trust of the 33 million users, not to mention the 100,000 companies that rely on LastPass.

In any case, the operator of the password manager notified the authorities and also asked the cyber security company Mandiant for help. At the time of writing, the investigation into the exact extent of the attack and the information the intruder had access to is still ongoing.

Incidentally, LastPass already gave its customers a scare last December, when it sent alerts about unauthorized intrusion attempts that turned out to have been triggered by mistake. As for the August attack that led to the current case, according to official information the attackers obtained not only the source code but also other protected technical data, and were able to access LastPass’s internal system for a total of 4 days.



Source: PC World Online Hírek by pcworld.hu.
