LastPass security breach was worse than initially thought

LastPass on the Galaxy S21 Ultra
(Image credit: Andrew Myrick / Android Central)

What you need to know

  • LastPass CEO Karim Toubba provides an update on its August 2022 security breach.
  • More research into the attack has determined that some customer data has actually been compromised.
  • LastPass is still working to determine the scope of the incident and what exact pieces of user data were accessed by the attack.

Password manager LastPass is now updating its users on a new breach that appears to have given bad actors access to user data.

According to an updated notice (opens in new tab) by LastPass, more insight into the recent security incident from August 2022 has actually revealed customer data was affected (via 9to5Mac).

LastPass CEO Karim Toubba stated in the update, "We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture."

With us now being in December, LastPass' CEO states the company is still working through determining the scope of the incident and trying to figure out just what pieces of customer data were accessed.

During the attack in August, LastPass stated that an attacker was able to gain access to its source code and other technical data. As 9to5Mac informs, the company's owner, LogMeIn, stated that no customer data was compromised during the attack, which has turned out to not be the case with this latest update.

Although, this is unfortunately not the first time an attack has been attempted on LastPass and the information it holds. In late 2021, an alert was sent out to many LastPass customers about an unauthorized login to their account. Many of these alerts were sent out in error, as the hacker never really made it far enough to do any damage.

Password managers can be a great tool for us in our digital worlds, and if you are still going to utilize LastPass, despite its controversy over becoming a little more restrictive, there are some safety precautions one can take.

LastPass recommends that its customers set up a strong master password while also looking at its LastPass Authenticator and Multi-factor authentication to bolster defense against potential attackers on the service and your data.

Nickolas Diaz
News Writer

Nickolas is always excited about tech and getting his hands on it. Writing for him can vary from delivering the latest tech story to scribbling in his journal. When Nickolas isn't hitting a story, he's often grinding away at a game or chilling with a book in his hand.