LastPass and GoTo report possible cyberattack


Leading password manager LastPass and its affiliate, communications software provider GoTo, have revealed a breach of their cloud storage infrastructure following a cyberattack in August 2022.

In an update regarding the ongoing incident, the company admits that it has recently detected “unusual activity” within a third-party cloud storage service used by both LastPass and GoTo. 

The results of LastPass' investigation, signed by LastPass CEO Karim Toubba and involving security experts from Mandiant, showed that someone used the credentials leaked in the incident to gain access to “certain elements” of LastPass’ customer information.

Passwords are safe

Toubba did not go into further details about the type of data that was accessed, but he did say that the user passwords were untouched. 

“Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” he said. 

"While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity."

By virtue of being one of the most popular business password managers and generators out there, with over 100,000 businesses relying on it daily, LastPass is no stranger to data breaches committed by cybercriminals.

TechRadar Pro has previously reported that the company confirmed in late September 2022 that the threat actor responsible for the original breach in August lurked in its network for days before being ousted.

However, the threat actor did not manage to access internal customer data or encrypted password vaults at the time. LastPass claims that the latest development has not changed that, owing to its Zero Knowledge architecture.

"Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults," Toubba said at the time. 

The attacker was apparently able to access the company’s Development environment through a developer’s compromised endpoint.

Although the investigation and forensics did not manage to determine the exact method used for the initial endpoint compromise, Toubba did say the attackers utilized their persistent access to impersonate the developer after the developer had successfully authenticated with multi-factor authentication.

Sead Fadilpašić