This is the second data breach that LastPass has experienced. According to a post from LastPass CEO, hackers accessed a third-party cloud storage service used by the password manager and were able to gain access to some of their customers' information.
It's not clear what information hackers got access to or how many customers were affected, but Toubba says that users' passwords weren't compromised
According to Toubba, the company has a policy that only the user knows their master password, and that only happens at the device level.
In August, LastPass confirmed that some of its source code had been stolen and that some of its internal systems had been accessed for four days before being detected. According to Loubba, the attackers gained access to user data using information obtained in the August 2022 incident.
We are working diligently to understand the scope of the incident and identify what specific information has been accessed. The company notified law enforcement after launching an investigation into what happened.