Password manager LastPass announced Wednesday that it suffered its second data breach in three months.
CEO Karim Toubba said the company recently detected unusual activity in a third-party cloud storage service shared by LastPass and affiliate GoTo.
Security firm Mandiant immediately launched an investigation into the incident and notified law enforcement, he said.
“We have determined that an unauthorized party, using information obtained during the August 2022 incident, was able to access certain elements of our customer information. Thanks to LastPass’ zero-knowledge architecture, our customer’s passwords remain securely encrypted,” Toubba said .
California DOJ accidentally releases gun data, shows ‘poor judgment’ in botched response, review finds
LastPass is working to determine what specific information was accessed and the scope of the incident.
Products and services remain fully functional, LastPass says Continue to deploy enhanced security measures and monitoring capabilities across infrastructure.
Toubba said further updates will be provided as LastPass learns more details.
Lawmakers raise concerns about Chinese drones in confined spaces around Capitol
In August, LastPass said an unauthorized party gained access to parts of the LastPass development environment through a compromised developer account and obtained parts of the source code and some proprietary LastPass technical information.
Following an investigation, Toubba said in September that the threat actor’s activity was limited to four days, and confirmed there was no evidence that the incident involved any access to customer data or encrypted password vaults.
Click here for the Fox News app
“We recognize that any type of security incident is disturbing, but want to reassure you that your personal data and passwords are safe under our care,” he said at the time.