Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe.
LastPass owner LogMeIn stresses that customer passwords have not been compromised, as the company uses end-to-end encryption so that only the subscriber has the decryption key.
Now, the company has said that information taken in the August incident was used to gain access to “certain elements of our customers’ information”.
LastPass is a password manager competing with 1Password. With these, all your passwords are stored in encrypted form, and you can log in to any website by using only a single master password to unlock your vault. This new LastPass breach comes on the heels of a LastPass security breach in August. This earlier breach did not impact any customer data, as it instead affected the company’s development environment, which LastPass claims doesn’t store customer data and is isolated from the production environment.
They discovered the breach after detecting unusual activity within a third-party cloud storage service shared by both LastPass and its affiliate, GoTo. GoTo, the company behind GoToMyPC (formerly known as LogMeIn), states about the incident that it detected unusual activity within its development environment and third-party cloud storage service.
It advisable to enable multi-factor authentication (MFA) on your LastPass accounts so that threat actors won’t be able to access your account even if your password was compromised. The instructions to enable MFA can be found on the LastPass support pages.