Software that hosts large amounts of personal data is attractive to hackers and other malicious actors. LastPass knows this better than anyone. The famous password manager published by the company LogMeIn has just been the victim of an intrusion into its computer systems.
The second hack of 2022
The company nevertheless wants to be reassuring and explains that “our customers’ passwords stay securely encrypted thanks to LastPass’ Zero Knowledge architecture.“So no need to go around the web to change your credentials right away. Pretty terse on the extent of the hack, LastPass simply explains”work diligently to understand the scope of the incident and identify the specific information that was accessed.“
This is the second time this year that LastPass has been the victim of such an intrusion. Already last August, the company explained that a malicious hacker had managed to steal part of the platform’s source code using a compromised developer account. It is this data theft that allowed an unauthorized person to infiltrate the company’s servers again, explains LastPass.
Information still fragmented
As a show of good faith, LastPass hired cybersecurity consulting firm Mandiant and alerted law enforcement to the unauthorized access to its systems. “As usual, we will continue to update you as soon as we know more.“concludes the company.
If a second attack in the same year is not necessarily likely to reassure LastPass customers, remember that no computer system is inviolable. The critical information stored by LastPass also makes it a prime target for hackers of all kinds. The best thing you can do to secure your data at the moment is still activate double authentication on their accounts.