LastPass hack: Customer data at risk after second attack

On December 1, 2022By Garmin Philip

data leak

After the popular password manager LastPass was targeted by hackers in August, the company got caught again – this time customer data is also said to be affected.

News

CyberVor hackers' password theft is making itself felt.

The data theft from the password manager LastPass that took place in August is spreading: Like CEO Karim Toubba in one blog post reports that data once again fell into the hands of hackers during a “security incident” while on duty. In contrast to the attack of a few months ago, in which the source code of the software was primarily stolen, this time certain categories of user data were captured.

As the company goes on to explain, unusual activities have been identified within a third-party cloud storage service used by the company. Within these, unauthorized persons are said to have gained access to sensitive customer data, but passwords were not stolen. These are securely encrypted due to LastPass’ zero-knowledge architecture.

The incident is currently being investigated and processed internally. What has been clarified, however, is that the recent data leak is linked to the August attack. In addition, LastPass turned on IT security companies to take a closer look at the hack.

Like the online magazine hot reported that the captured data from the company behind LastPass, Bitwarden, is said to have already appeared in relevant forums. These are log files in which sensitive user data can be viewed in plain text. However, Bitwarden immediately denied this: There are “no concerns about a system break-in or a database compromise”.

As the company continues to assure, sensitive information in particular is only stored in encrypted form, which takes place on the local user device before the data is sent to the cloud server. Accordingly, the log file that appeared could not come from the recent hack.