Within months of the LastPass hack, the popular password manager suffered another breach that exposed user data. The announcement came directly from the company’s CEO, Karim Toubba, who however wanted to reassure customers.
In a post, the CEO explained that ghe hackers gained access to a cloud storage service third-party used by the password manager and were able to “obtain access to certain items and some customer information”. It’s not clear what data is affected, but Toubba still wanted to clarify that the User passwords are safe.
“Our customers’ passwords remain securely encrypted thanks to LastPass’ Zero Knowledge architecturesays the CEO, citing the internal policy that only the user knows their master password.
Last August, the app was the victim of another hack attackA: The same company had confirmed the theft of part of the source code and unauthorized access to internal systems for four days. This new attack would appear to be related as Loubba in claims to have determined that the hackers have gained access to user data”using information obtained in the August 2022 crash”. Despite this, however, the services remain functional and the technicians are at work to “understand the scope of the incident and identify what information is involved”.