

WAS ANYONE AFFECTED BY LASTPASS BREACH CODE
LastPass said in August that an unauthorized party “gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.” LastPass said that its system design and controls “prevented the threat actor from accessing any customer data or encrypted password vaults.” It’s not yet clear if both LogMeIn and GoTo customers are affected by the breach. GoTo, formerly LogMeIn, which acquired LastPass in 2015, said in a similarly vague statement that it was investigating the incident.

Toubba did not say what specific customer information was taken, but said it was working to “understand the scope of the incident and identify what specific information has been accessed.” The third-party cloud service wasn’t named, but a 2020 blog post by Amazon Web Services cited the company’s transition of a billion customer records to Amazon’s cloud. Toubba said the unauthorized party used information stolen from LastPass’ systems in August, which the company disclosed at the time. LastPass chief executive Karim Toubba said in a blog post that an “unauthorized party” recently gained access to some customers’ information stored in a third-party cloud service shared by LastPass and its parent company, GoTo. When it comes to moving from LastPass to another password management solution, each company or individual must make their own decision considering their risk tolerance against the various factors at play.Password manager LastPass said it’s investigating a security incident after its systems were compromised for the second time this year. Layering controls by adding two-factor authentication is an important aspect of a mature security strategy. No security control is a 100% guarantee against compromise, but the risk password managers mitigate, coupled with the convenience they provide, is a net security improvement. Truth be told, all cloud-based password managers face the same type of risks. Should You Change Password Manager Vendors?
WAS ANYONE AFFECTED BY LASTPASS BREACH SOFTWARE
On December 22, 2022, password vault software vendor LastPass revealed that they were the victim of a breach and customer password vaults were obtained by an unauthorized party.
