{"id":20393,"date":"2022-12-02T01:04:16","date_gmt":"2022-12-02T01:04:16","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/02\/latest-lastpass-data-breach-involves-hacker-gaining-access-to-third-party-cloud-storage\/"},"modified":"2022-12-02T01:04:16","modified_gmt":"2022-12-02T01:04:16","slug":"latest-lastpass-data-breach-involves-hacker-gaining-access-to-third-party-cloud-storage","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/02\/latest-lastpass-data-breach-involves-hacker-gaining-access-to-third-party-cloud-storage\/","title":{"rendered":"Latest LastPass data breach involves hacker gaining access to third-party cloud storage"},"content":{"rendered":"

<\/a>\n
<\/p>\n

\n

Password manager LastPass US LP<\/a> has suffered another data breach, with a hacker gaining access to a third-party cloud storage service used by the company and its affiliate GoTo Technologies USA Inc.<\/p>\n

The data breach was a direct result of a previous breach reported by LastPass in August<\/a>. Those behind the first hack used\u00a0data obtained in the hack to gain access to the unnamed cloud provider and customer information. The exact data accessed was not detailed by LastPass, but the company did say that customer passwords were not accessed and remained safely encrypted.<\/p>\n

\u201cWe are working diligently to understand the scope of the incident and identify what specific information has been accessed,\u201d LastPass said in an email to customers. \u201cIn the meantime, we can confirm that LastPass products and services remain fully functional.\u201d<\/p>\n

While the email to customers starts with mentioning that the company has a \u201ccommitment to transparency,\u201d and then going public with the details they have is always positive, yet another incident is not a good look for the company many rely on \u2013 including the writer of this article, to secure their passwords.<\/p>\n

LastPass has a growing list of hacks and security incidents. Along with the now two this year, the company\u2019s history of being hacked goes back to 2015<\/a>, followed by security issues in 2017<\/a> and\u00a02019.<\/a>\u00a0In December last year<\/a>, LastPass users reported attempted logins using their master passwords, although the attack was attributed to credential stuffing. In January<\/a>, LastPass admitted it had suffered an outage it first denied that was caused by a bug.<\/p>\n

\u201cIt\u2019s concerning to hear that LastPass has experienced another security incident following a previous one that was made public back in August,\u201d Chris Vaughan, vice president \u2013 technical account management, EME at cybersecurity and systems management company Tanium Inc.<\/a>, told SiliconANGLE. \u201cThe attack involved source code and technical information being taken from unauthorized access to a third-party storage service the company was using.\u201d<\/p>\n

\u201cPassword managers are a challenging but attractive target for a threat actor, as they can potentially unlock a treasure trove of access to accounts and sensitive customer data in an instant if they are breached, \u201d Vaughn explained. \u201cHowever, I believe that the benefits of using a secure password management solution often far outweigh the risks of a potential breach. When layered with the other security recommendations, it\u2019s still one of the best solutions to prevent credential theft and associated attacks.\u201d<\/p>\n

Image: LastPass<\/h5>\n
\n
\n

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.<\/span><\/h3>\n<\/div><\/div>\n