The password manager Lastpass has been affected by a critical security vulnerability for the second time within a few months. According to the report, unusual activities were recently discovered within a third-party cloud storage service. Attackers can thus gain access to personal user data.
Lastpass security flaw continues to spread
As vendor Lastpass of the eponymous password manager admits on its own blog and via Twitter, it recently noticed unusual activity within a third-party cloud storage service used by its subsidiary GoTo in addition to Lastpass.
An investigation was immediately launched and a security firm, Madiant, was brought in, as well as law enforcement authorities were informed, the provider writes further.
The new security incident is directly related to a first incident from August 2022, in which unknown attackers were able to gain access to various components of customer user data.
However, the stored passwords were not compromised, Lastpass further writes. These are still secure due to the encryption architecture.
They are working diligently to “assess the extent of the incident and identify what information in particular has been accessed,”but can confirm that Lastpass products and services continue to function fully, the provider added.
The own master password is not compromised and those affected do not have to take any further steps, Lastpass states. The company will continue to keep users informed as soon as new details are available.