LastPass Hacked for Second Time This Year

Password management app LastPass says it is investigating a security incident after an "unauthorized party" compromised its systems on Wednesday and gained access to some customer information.

The information was stored in a third-party cloud service shared by LastPass and parent company GoTo, said LastPass CEO Karim Toubba in a blog post. Toubba said the hackers used information stolen from LastPass' systems in a separate previously disclosed incident that occurred in August of this year. Toubba added in the blog post that "customers' passwords remain safely encrypted."

We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information. Our customers' passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.

According to a blog post dated August 22, the previous incident saw a threat actor gain access to the LastPass Development environment using a developer's compromised endpoint to steal source code and some proprietary LastPass technical information. LastPass said at the time that its systems "prevented the threat actor from accessing any customer data or encrypted password vaults."

LastPass is currently working to understand the scope of Wednesday's incident and identify what specific information has been accessed. GoTo, formerly LogMeIn, said it was also investigating the incident, although it did not explain whether GoTo users were also impacted by the hack. In the meantime, LastPass products and services remain "fully functional," said Toubba.

Popular Stories

iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Apple Watch Series 9

2024 Apple Watch Lineup: Key Changes We're Expecting

Tuesday July 16, 2024 7:59 am PDT by
Apple is seemingly planning a rework of the Apple Watch lineup for 2024, according to a range of reports from over the past year. Here's everything we know so far. Apple is expected to continue to offer three different Apple Watch models in five casing sizes, but the various display sizes will allegedly grow by up to 12% and the casings will get taller. Based on all of the latest rumors,...
iPhone 16 Pro Left Side Feature

iPhone 16 Pro Again Rumored to Come in New 'Rose' Color

Tuesday July 16, 2024 3:53 am PDT by
Apple's upcoming iPhone 16 Pro and iPhone 16 Pro Max will be available in a new "Rose" color, claims a rumor out of China, corroborating previous claims. Chinese Weibo-based leaker OvO Baby Sauce OvO, a relatively new source of supply chain leaks, said on Tuesday that the new color code for the iPhone 16 Pro models is simply "Rose," not the previous "Rose Gold" color that Apple first offered ...
New MacBook Pros Launching Tomorrow With These 4 New Features 2

M5 MacBook Models to Use New Compact Camera Module in 2025

Wednesday July 17, 2024 2:58 am PDT by
Apple in 2025 will take on a new compact camera module (CCM) supplier for future MacBook models powered by its next-generation M5 chip, according to Apple analyst Ming-Chi Kuo. Writing in his latest investor note on unny-opticals-2025-business-momentum-to-benefit-509819818c2a">Medium, Kuo said Apple will turn to Sunny Optical for the CCM in its M5 MacBooks. The Chinese optical lens company...
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
macbook pro january

Best Buy's Black Friday in July Sale Takes Up to $700 Off M3 MacBook Pro for Members

Monday July 15, 2024 11:05 am PDT by
Best Buy's "Black Friday in July" sale is in full swing today, and in addition to a few iPad Air discounts we shared earlier, there are also some steep markdowns on the M3 MacBook Pro. You will need a My Best Buy Plus or Total membership in order to get some of these deals. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small...

Top Rated Comments

willzyx Avatar
21 months ago

Why would you not use the built in password manager and instead willingly pay to use another, less secure, manager?
Because 3rd party password managers (1password, keeper, bitwarden) offer a lot more flexibility and security than Apple's built-in manager. Apple's version is good enough for basic functions, anything more and a dedicated manager is far more advanced. Everyone knows that LastPass is trash and has always been trash.
Score: 32 Votes (Like | Disagree)
Abazigal Avatar
21 months ago

Why would you not use the built in password manager and instead willingly pay to use another, less secure, manager?
It’s a pain to retrieve passwords when you want to key them into a non-Apple device. For example, when I went to log in to an account on my windows work laptop, I can view said password via the 1Password app on my Apple Watch. It’s also much easier to generate / change passwords in the 1Password app. iCloud Keychain really needs its own standalone manager app, rather than being hidden in the settings app.
Score: 30 Votes (Like | Disagree)
djcerla Avatar
21 months ago
… but this time it’s the LastTime!
Score: 29 Votes (Like | Disagree)
ProfessionalFan Avatar
21 months ago
I switched all my passwords to iCloud passwords. Not only does it work more seamlessly as an Apple ecosystem member, but it feels more secure.
Score: 25 Votes (Like | Disagree)
Poleri Avatar
21 months ago
This is why I use BitWarden for years. :cool:
Score: 21 Votes (Like | Disagree)
TriBruin Avatar
21 months ago

That used to be true but now that they added 2FA and notes there isn’t much of a difference and, in Apple slickness, the 2FA integration is one tap seamless. The only reason I use BitWarden as well is for redundancy. I would like to see categories added, I do like that in BW.
Not much difference? If so, where can I get these features using iCloud:

* Multiple vaults so I can separate personal from work passwords?
* Ability to give family members access to certain passwords (like streaming services) while keeping other passwords only to myself
* Ability to store sensitive documents, along with personal information (Drivers License numbers, SSNs, etc.)
* Ability to fill MORE than just user name and password fields (At, I have to enter my number and last name to log in.)
* Ability to recognize when a site uses SSO via Apple, Google, GitHub, etc. and remember that setting so the next time I go to that site it takes me direcly to the correct SSO login?
* Save my SSH keys so I don't have to manually copy them to each computer I use?

If you have basic needs, sure iCloud works. But, the best Password managers do SO much more. People need to stop saying that Apple is "almost the same". They are not even in the same ballpark.
Score: 19 Votes (Like | Disagree)