Just had this in an email, not sure if this is widely known or not, however I used to use Lastpass, so thought worth sharing, this is the second time it has happened
Dear valued customer,
In keeping with our commitment to transparency, we wanted to inform you of a security incident that our team is currently investigating.
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.
We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass's Zero Knowledge architecture.
We are working diligently to understand the scope of the incident and identify what specific information has been accessed. As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity. In the meantime, we can confirm that LastPass products and services remain fully functional. As always, we recommend that you follow our best practices around the setup and configuration of LastPass, which can be found here.
As is our practice, we will continue to provide updates as we learn more. Please visit the LastPass blog for the latest information related to the incident: blog.lastpass.com/202…nt/.
We thank you for your patience while we work through our investigation.