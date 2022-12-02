If passwords are giving you a hard time and you’re thinking of getting something like LastPass to do the remembering for you, then maybe think again. The password manager on Wednesday admitted that an unauthorised party was able to “gain access to certain elements” of its “customers’ information.”

This isn’t even the first time that LastPass ran into an incident like this. Last August, the company admitted that hackers gained access to some of its source code through a compromised developer account. The hackers not just source code but “some proprietary LastPass technical information” as well, according to the company. However, the company said at the time that they had no reason to believe hackers managed to access any customer data.

Cut to now and the official blog post for the latest incident stated that the information stolen from the previous hack helped hackers breach for the second time. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” reads the blog post.

However, LastPass is yet to reveal what specific information was accessed with the breach. The company says that it’s “working diligently to understand the scope of the incident.” But it did reassure that customers’ stored passwords remain safely encrypted due to the Zero Knowledge architecture.

Zero Knowledge architecture helps LastPass maintain an additional layer of security. The company has no access to customers’ master passwords, which means only users can decrypt the passwords they’re storing. Still, it’d make sense to at least change the master password — just to be safe — since there’s no telling what the hackers might’ve gained access to.