Skip to main content
  1. Home
  2. Computing
  3. News

Hackers just stole LastPass data, but your passwords are safe

Alex Blake
By

The developers behind password management software LastPass have just shared some concerning news: Bad actors were recently able to access “elements of our customers’ information” in a recent security breach.

It’s the second time in just a couple of months that LastPass has suffered a security incident, and it appears the two events are directly linked. That’s because LastPass’s developers say that the unauthorized party was able to access customer data “using information obtained in the August 2022 incident.”

A physical lock placed on a keyboard to represent a locked keyboard.
piranka / Getty Images

For those unfamiliar with that episode, hackers managed to access and steal parts of LastPass’s source code. While the company said no customer data was stolen at the time, it appears the source code allowed the hackers access to private information this time around.

Recommended Videos

Indeed, the company was alerted to the breach when it detected “unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo.”

Related

Your passwords are safe

A dark mystery hand typing on a laptop computer at night.
Andrew Brookes / Getty Images

Fortunately, there is some good news: customer passwords appear to be safe and remain fully encrypted. That’s thanks to LastPass’s Zero Knowledge structure, which basically means that only you have access to your master password and any data stored inside your vault — not even LastPass’s developers can access it. With that kind of firewalling in place, the hackers were unable to steal any passwords or vital account data.

Still, it’s a worrying development for both LastPass and its users. People store incredibly sensitive information in password managers, and not just the keys to their digital accounts. LastPass can also be used to safely stow credit card information, private notes, and other data that should be kept locked away from prying eyes.

In the meantime, LastPass has been working with security firm Mandiant to work out exactly what happened in this latest security breach. Law enforcement agencies have also been notified, and no doubt will be carrying out their own investigation.

LastPass has reassured users that its “products and services remain fully functional,” and has recommended customers should follow its best practices for setting up and configuring their accounts using the instructions on the LastPass website. The company has promised to post more updates “as we learn more.”

Editors' Recommendations

Topics
Alex Blake
Alex Blake
Computing Writer
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
NordPass adds passkey support to banish your weak passwords
password manager lifestyle image

Weak passwords can put your online accounts at risk, but password manager NordPass thinks it has the solution. The app has just added support for passkeys, giving you a far more secure way to keep all your important logins safe and sound.

Instead of a vulnerable password, passkeys work by using your biometric data as your login ‘fingerprint.’ For example, you could use the Touch ID button on a Mac or a facial recognition scanner on your smartphone to log in to your account. No typing required.

Read more
LastPass reveals how it got hacked — and it’s not good news
A depiction of a hacker breaking into a system via the use of code.

Last year was a particularly bad one for password manager LastPass, as a series of hacking incidents revealed some serious weaknesses in its supposedly rock-solid security. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking.

It all began in August 2022, when LastPass revealed that a threat actor had stolen the app’s source code. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. That allowed them to install a keylogger onto the computer of a senior engineer at the company.

Read more
This major Apple bug could let hackers steal your photos and wipe your device
A physical lock placed on a keyboard to represent a locked keyboard.

Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos -- and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.

Read more