In August, password management company LastPass confirmed that there was one infringement in a dev environment. This resulted in her theft some passages of it code company and proprietary technical documentation, while customer data remained secure.
However, the company suffered yet another breach, and this time hackers gained access to customer data.
In an update in his initial notification of the security incidents, LastPass CEO Karim Toubba revealed that the company detected unusual activity at a third-party cloud storage service provider used by both LastPass and its subsidiary GoTo.
So the company launched an investigation into the whole matter, while also working with cybersecurity firm Mandiant and alerting law enforcement. So far, it has determined that a hacker used information from the August breach to gain access to “some data” of customer data in the shared cloud. However, customer passwords remain encrypted and secure.
It should be noted here that this is an ongoing investigation and no one knows what really happened. Currently LastPass customers have received tips to follow the practices listed here.
If you are thinking of changing your password manager, use the open source one Keepass, which stores your information, encrypted, locally and not in the cloud.