LastPass, the popular password manager, has been hit with a security breach that could potentially allow unauthorized access to user data. The company has released a statement saying that the attack happened on July 15th and that it is working to fix the issue. LastPass is one of the most popular password managers on the market, and it is likely that many users are impacted by this security breach. If you have used LastPass for any purpose recently, be sure to change your passwords!


LastPass announced the new security problem in a blog post, saying it was possible using information obtained in the August hack. The company explained, “we have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”

LastPass didn’t say exactly which “certain elements” of customer information were accessed. Passwords (allegedly) were not accessed, which leaves email addresses, payment info, or something else. The company’s investigation is still ongoing.

It’s great to see LastPass being transparent about any security breaches — many companies just keep security incidents under wraps for as long as they can — but it’s not great that a password manager was hacked twice within the span of a few months. There was also an alleged leak back in December 2021, where some people had unauthorized login attempts using a stolen master password, but LastPass chalked that up to a credential stuffing attack targeted at people who were reusing passwords.

Source: LastPass Via: Ghacks