There’s an update to the LastPass security incident they disclosed in August. LastPass had released its findings from that incident in a September update, posted on their site.
But now there’s another a new disclosure involving an incident facilitated by the August incident. LastPass’s CEO, Karim Toubba, writes:
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.
We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.
Read more at LastPass