LastPass Hacked for Second Time This Year

Password management app LastPass says it is investigating a security incident after an "unauthorized party" compromised its systems on Wednesday and gained access to some customer information.

lastpass
The information was stored in a third-party cloud service shared by LastPass and parent company GoTo, said LastPass CEO Karim Toubba in a blog post. Toubba said the hackers used information stolen from LastPass' systems in a separate previously disclosed incident that occurred in August of this year. Toubba added in the blog post that "customers' passwords remain safely encrypted."

We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information. Our customers' passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.

According to a blog post dated August 22, the previous incident saw a threat actor gain access to the LastPass Development environment using a developer's compromised endpoint to steal source code and some proprietary LastPass technical information. LastPass said at the time that its systems "prevented the threat actor from accessing any customer data or encrypted password vaults."

LastPass is currently working to understand the scope of Wednesday's incident and identify what specific information has been accessed. GoTo, formerly LogMeIn, said it was also investigating the incident, although it did not explain whether GoTo users were also impacted by the hack. In the meantime, LastPass products and services remain "fully functional," said Toubba.

Top Rated Comments

willzyx Avatar
16 months ago

Why would you not use the built in password manager and instead willingly pay to use another, less secure, manager?
Because 3rd party password managers (1password, keeper, bitwarden) offer a lot more flexibility and security than Apple's built-in manager. Apple's version is good enough for basic functions, anything more and a dedicated manager is far more advanced. Everyone knows that LastPass is trash and has always been trash.
Score: 32 Votes (Like | Disagree)
Abazigal Avatar
16 months ago

Why would you not use the built in password manager and instead willingly pay to use another, less secure, manager?
It’s a pain to retrieve passwords when you want to key them into a non-Apple device. For example, when I went to log in to an account on my windows work laptop, I can view said password via the 1Password app on my Apple Watch. It’s also much easier to generate / change passwords in the 1Password app. iCloud Keychain really needs its own standalone manager app, rather than being hidden in the settings app.
Score: 30 Votes (Like | Disagree)
djcerla Avatar
16 months ago
… but this time it’s the LastTime!
Score: 29 Votes (Like | Disagree)
ProfessionalFan Avatar
16 months ago
I switched all my passwords to iCloud passwords. Not only does it work more seamlessly as an Apple ecosystem member, but it feels more secure.
Score: 25 Votes (Like | Disagree)
Poleri Avatar
16 months ago
This is why I use BitWarden for years. :cool:
Score: 21 Votes (Like | Disagree)
TriBruin Avatar
16 months ago

That used to be true but now that they added 2FA and notes there isn’t much of a difference and, in Apple slickness, the 2FA integration is one tap seamless. The only reason I use BitWarden as well is for redundancy. I would like to see categories added, I do like that in BW.
Not much difference? If so, where can I get these features using iCloud:


* Multiple vaults so I can separate personal from work passwords?
* Ability to give family members access to certain passwords (like streaming services) while keeping other passwords only to myself
* Ability to store sensitive documents, along with personal information (Drivers License numbers, SSNs, etc.)
* Ability to fill MORE than just user name and password fields (At aa.com, I have to enter my number and last name to log in.)
* Ability to recognize when a site uses SSO via Apple, Google, GitHub, etc. and remember that setting so the next time I go to that site it takes me direcly to the correct SSO login?
* Save my SSH keys so I don't have to manually copy them to each computer I use?

If you have basic needs, sure iCloud works. But, the best Password managers do SO much more. People need to stop saying that Apple is "almost the same". They are not even in the same ballpark.
Score: 19 Votes (Like | Disagree)

Popular Stories

Apple Logo Spotlight

Source: Apple to Announce New Products This Week

Sunday March 3, 2024 11:38 am PST by
Apple plans to announce new products with press releases on its website this week, a proven source familiar with the matter told MacRumors. While the products that Apple plans to announce have not been disclosed, there are rumors about new iPads, Macs, and accessories. It is unclear exactly what will be announced this week. Bloomberg's Mark Gurman today reiterated that Apple is planning new...
Apple Maps vs Google Maps Feature

Apple Maps vs. Google Maps: Which Is Better?

Friday March 1, 2024 7:10 am PST by
Apple Maps has been providing navigational guidance to Apple users for almost 13 and a half years now, and much has changed about the app in that time. However, according to data from Canalys, the overwhelming majority of iPhones in the U.S. still have Google Maps downloaded as an alternative to Apple Maps, which comes preinstalled on all iPhones. We want to hear from MacRumors readers. Which do...
apple tv plus banner

Apple TV+ Gains Over 50 Movies for a Limited Time

Friday March 1, 2024 6:29 am PST by
Apple TV+ today gained over 50 movies, adding to its back catalog of content for a limited time. The collection includes a large number of popular and classic titles. Subscribers can access the movies in a "Great Movies on Apple TV+" section in the Apple TV app. Some titles are also available in 3D. Movies in the collection include: 21 Jump Street 300 American Sniper Argo ...
iPad Air 12

Gurman: No Apple Event Planned for Upcoming iPads and Macs

Sunday March 3, 2024 5:09 am PST by
Apple does not plan to hold a traditional event to unveil new iPads and Macs, according to Bloomberg's Mark Gurman. Instead, he said Apple plans to announce the products on its website with a "series of online videos and marketing campaigns." If this plan is accurate, we can expect the new products to be announced with press releases on the Apple Newsroom website. Gurman expects Apple to...
airpods pro 2 pink

Apple Releases New Beta Firmware for AirPods Pro 2

Thursday February 29, 2024 11:41 am PST by
Apple today introduced a new beta firmware update for the AirPods Pro 2, both the USB-C and Lightning versions. The new firmware is version 6E188, up from the prior 6B34 firmware released in December. Apple does not often provide details or notes on what features might be included in the refreshed firmware, so it is unclear what's new. Note that this software is limited to developers at the...