If passwords are giving you a hard time and you’re thinking of getting something like LastPass to do the remembering for you, then maybe think again. The password manager on Wednesday admitted that an unauthorised party was able to “gain access to certain elements” of its “customers’ information.”
This isn’t even the first time that LastPass ran into an incident like this. Last August, the company admitted that hackers gained access to some of its source code through a compromised developer account. It was this stolen information that helped hackers breach for the second time, according to the official blog post about the hack. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” reads the blog post.
However, LastPass is yet to reveal what specific information was accessed with the breach. The company says that it’s “working diligently to understand the scope of the incident.” But it did reassure that customers’ stored passwords remain safely encrypted due to the Zero Knowledge architecture.
Zero Knowledge architecture helps LastPass maintain an additional layer of security. The company has no access to customers’ master passwords, which means only users can decrypt the passwords they’re storing.