In August, password management company LastPass confirmed that there was a breach in a dev environment. This resulted in her theft of certain snippets of the company's code and proprietary technical documentation, while customer data remained secure.
However, the company suffered yet another breach, and this time hackers gained access to customer data.
In an update in his initial notification of the security incidents, LastPass CEO Karim Toubba revealed that the company detected unusual activity at a third-party cloud storage service provider used by both LastPass and its subsidiary GoTo.
So the company launched an investigation into the whole matter, while at the same time working with the cyber security company Mandiant και ειδοποίησε τις αρχές επιβολής του νόμου. Μέχρι στιγμής, έχει διαπιστώσει ότι κάποιος hacker χρησιμοποίησε πληροφορίες από την παραβίαση του Αυγούστου για να αποκτήσει πρόσβαση σε “ορισμένα στοιχεία” data customers at shared cloud. However, customer passwords remain encrypted and secure.
It should be noted here that this is an ongoing investigation and no one knows what really happened. For now LastPass customers have been advised to follow the practices listed here.
If you are thinking of changing password manager use open source Keepass, which stores your information, encrypted, locally and not in the cloud.
