Entries in LastPass (3)

Thursday
Mar022023

Update on Recent Security Incident

DateThursday, March 2, 2023 at 12:07PM

Dear LastPass Customer,
We are writing today to update you on our recent security incident disclosed on December 22. We have now completed an exhaustive investigation and have not seen any threat actor activity since October 26.
Earlier today, we posted an update to our blog with new findings and important information, including what happened and the actions we have taken, what data was accessed, what we have done to secure LastPass, actions we are recommending customers take to protect themselves or their businesses, and what you can expect from us going forward.
Given the volume of information we are sharing in the blog post, and to better assist our customers with their own incident-response efforts, we have prepared a Security Bulletin specifically for our Free, Premium, and Families consumer users to help guide you through a review of important LastPass settings designed to help secure your account by confirm best practices are being followed.
Please review the Security Bulletin and make any necessary changes to your account.
In sharing these additional details today and in our approach going forward, we are determined to do right by our customers and communicate more effectively. We thank you for your patience and continued support of LastPass.

The Team at LastPass

 

 
AuthorBob Appleby | CommentPost a Comment |
in , ,
Wednesday
Mar012023

LastPass experienced a second major data breach in December 2022.

DateWednesday, March 1, 2023 at 7:41AM

New Email from our Service Group:

Description:

LastPass confirmed it was breached, a fallout of the August 2022 incident wherein portions of source code and proprietary LastPass technical information were compromised. The December breach came to light after the company noticed unusual activity in a third-party cloud storage service it shares with Go To, its parent company.

Safeguard yourself from the effects of the LastPass data breach.

Learn more: Visit this page for more details

AuthorBob Appleby | CommentPost a Comment |
in ,
Thursday
Dec012022

Notice of Recent Security Incident

DateThursday, December 1, 2022 at 12:54PM

Dear valued customer,

In keeping with our commitment to transparency, we wanted to inform you of a security incident that our team is currently investigating.

We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass's Zero Knowledge architecture.

We are working diligently to understand the scope of the incident and identify what specific information has been accessed. As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity. In the meantime, we can confirm that LastPass products and services remain fully functional. As always, we recommend that you follow our best practices around the setup and configuration of LastPass, which can be found here.

As is our practice, we will continue to provide updates as we learn more. Please visit the LastPass blog for the latest information related to the incident: https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/.

We thank you for your patience while we work through our investigation.

Sincerely,
The Team at LastPass
AuthorBob Appleby | CommentPost a Comment |
in ,