Major password manager LastPass suffered a breach — again : NPR
LastPass, a major password manager, says it has been breached for the second time in three months by the same unauthorized party.
LastPass CEO Karim Toubba announced Fourth, the company detected “unusual activity” in its third-party cloud storage service, but customers’ passwords were still securely encrypted.
“We immediately launched an investigation, invited Mandiant, a leading security company, and alerted law enforcement,” Toubba wrote in a statement.
An unauthorized party gained access to parts of the LastPass development environment over a four-day period in August. There was no evidence of customer data access, Toubba wrote after this first breach, noting that the development environment did not contain any customer data.
Three months later, the same party used the information obtained in August to access “some elements” of customer information, Toubba said.
Toubba insists that passwords remain securely encrypted despite the recent breach.
“We are working hard to understand the scope of the incident and determine what specific information was accessed,” Toubba said. “In the meantime, we can confirm that LastPass products and services are operating as normal.”
However, the company recommends that its users “follow our best practices for setup and configuration,” which includes setting up multi-factor authentication.
Wired named LastPass as one of the honorable mentions for password managers this year. It used to be the tech publication’s favorite free option before LastPass changed its free plan to limit users to one device.
“LastPass’s paid plan offers most of the same features you’ll find in our other top picks, although it lacks 1Password’s travel features and isn’t as open-source as Bitwarden,” Wired wrote. “We don’t see any reason to recommend it on our top picks, and it was hacked recently.”