announced Wednesday it had suffered its second data breach in three months.
CEO Karim Toubba said the company recently detected unusual activity within a third-party cloud storage service that is shared by LastPass and affiliate GoTo.
He said an investigation was immediately launched into the incident by security firm Mandiant and that.
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” Toubba said.
LastPass is working to identify what specific information has been accessed and the scope of the incident.
Products and services remain fully functional, and LastPass said itand monitoring capabilities across its infrastructure.
Toubba said further updates would be provided as LastPass learns more details.
In August, LastPass said an unauthorized party had gained access to portions of the LastPass development environment through a single compromised developer account andand some proprietary LastPass technical information.
Following an investigation, Toubba said in September that the threat actor’s activity had been limited to a four-day period and confirmed that there is no evidence this incident involved any access to customer data or.
“We recognize that security incidents of any sort are unsettling but want to assure you that yourin our care,” he said then.