LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised

LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The

Mitigate the LastPass Attack Surface in Your Environment with this Free Tool

The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen

The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults by using data siphoned from the earlier break-in. Among the data stolen are "basic

LastPass Suffers Another Security Breach; Exposed Some Customers Information

Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said. GoTo, formerly called LogMeIn, acquired LastPass

Hackers Breach LastPass Developer System to Steal Source Code

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen.