Skip to main content
close search
site logo
Dive Brief

LastPass breach fallout spreads to expose customer data

Published Dec. 1, 2022
Matt Kapko's headshot
Senior Reporter
A photo illustration of LastPass logos on a hard drive disk held in someone's hand.
Leon Neal via Getty Images

Dive Brief:

  • The aftermath from an August breach at LastPass has spread, compromising customer data, the password manager said in a Wednesday notice.
  • “We recently detected unusual activity within a third-party cloud storage service,” CEO Karim Toubba said in a blog post. “We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”
  • The company did not say when it discovered the subsequent breach, what type of customer information was exposed or how many customers are now potentially compromised. LastPass did not respond to a request for more information.

Dive Insight:

LastPass previously said no customer data or encrypted vaults were accessed in August, when an unauthorized actor breached its systems and stole portions of its source code and some proprietary technical information.

The company did not explain how data stolen in August was used to access customers’ data more than three months later. Mandiant is assisting with the investigation and law enforcement has been notified, according to LastPass.

Unusual activity that occurred in the company’s development system provides clues as to what went and continues to go wrong, according to Michael White, technical director and principal architect at Synopsys. 

“Once compromised, access to a development or test system can give away the keys to the kingdom,” White said via email.

Such a breach can “allow an attacker lateral movement towards critical sensitive information, or permit an attacker to interfere in the software build process to introduce backdoors, which make their way into production,” White said.

If the root cause of this subsequent breach is determined to be a compromised development system, Sunburst, the same attack vector that hit SolarWinds, could be at fault, according to White. Sunburst is a supply chain attack that plants a backdoor in a breached system to indirectly target downstream organizations.

LastPass is used by more than 33 million registered users and more than 100,000 business customers.

Despite the breach, LastPass is fully operational and “customers’ passwords remain safely encrypted,” Toubba said.

Filed Under: Breaches, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell