Password management app LastPass says it is investigating a security incident after an “unauthorized party” compromised its systems on Wednesday and gained access to some customer information.

The information was stored in a third-party cloud service shared by LastPass and parent company GoTo, said LastPass CEO Karim Toubba in a blog post. Toubba said the hackers used information stolen from LastPass’ systems in a separate previously disclosed incident that occurred in August of this year. Toubba added in the blog post that “customers’ passwords remain safely encrypted.”

We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.

According to a blog post dated August 22, the previous incident saw a threat actor gain access to the LastPass Development environment using a developer’s compromised endpoint to steal source code and some proprietary LastPass technical information. LastPass said at the time that its systems “prevented the threat actor from accessing any customer data or encrypted password vaults.”

LastPass is currently working to understand the scope of Wednesday’s incident and identify what specific information has been accessed. GoTo, formerly LogMeIn, said it was also investigating the incident, although it did not explain whether GoTo users were also impacted by the hack. In the meantime, LastPass products and services remain “fully functional,” said Toubba.

Related Stories

Plex Asks Users to Reset Passwords Following Data Breach

Popular media platform Plex has asked users to change their passwords “out of an abundance of caution” after it found a third-party had gained access to one of its internal systems. In a message to all users, Plex said that after discovering “suspicious activity” on one of its databases on Tuesday, the company ascertained that a hacker had been able to access “a limited subset of data”…

1Password Will Support Passkeys Starting in Early 2023

Popular password management service 1Password today confirmed that it will begin supporting passkeys in early 2023, allowing users to sign in to supported websites and apps without a password. Instead, biometric authentication on trusted devices is used to confirm your identity, and removing passwords from the equation means they can not be compromised or phished. Apple rolled out support…

1Password 8 for Apple Watch Released With New Features and Complications

AgileBits has announced the release of 1Password 8 for Apple Watch, a natural extension to its iOS app that completes the rollout of the new version of its multi-platform password manager. 1Password on Apple Watch gives users customizable access to “nearly anything” in their 1Password account, even when they don’t have their iPhone or an internet connection, according to the developers. The…

Anker’s Eufy Cameras Caught Uploading Content to the Cloud Without User Consent [Updated]

Anker’s popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. The information comes from security consultant Paul Moore, who last week published a video outlining the issue. According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video…

Twitter Working on End-to-End Encryption for Direct Messages

Twitter is working on end-to-end encryption for direct messages sent over the social network, according to app researcher Jane Manchun Wong. ”Seeing signs of the feature being worked on in Twitter for Android,” wrote Wong in a tweet, which was accompanied by code strings highlighting references to encryption keys. Twitter CEO Elon Musk later replied to Wong’s tweet with a winking face…

UK Begins Market Investigation into Apple and Google’s Mobile Dominance

The UK’s competition watchdog has begun its investigation into the market dominance of Apple and Google’s mobile browsers, months after it said it was considering a high-level probe. The Competition and Markets Authority (CMA) announced Tuesday that responses to its June consultation had revealed “substantial support” for a full investigation into how Apple and Google dominate the market and …

Apple Device Analytics Contain Identifying iCloud User Data, Claim Security Researchers

Monday November 21, 2022 1:22 am PST by Sami Fathi

A new analysis has claimed that Apple’s device analytics contain information that can directly link information about how a device is used, its performance, features, and more, directly to a specific user, despite Apple’s claims otherwise. On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apple’s device analytics data includes an ID called “dsId,” which stands…

iCloud Passwords for Windows Gains 2FA Code Generator

The iCloud Keychain password manager in Apple’s iCloud for Windows app now supports two-factor authentication codes, according to user reports posted on Reddit. Two-factor authentication, or 2FA, acts as an additional layer of security for online accounts, by requesting a code generated by a password manager when the account owner logs in. Apple includes support for the generation of 2FA…

Popular Stories

Apple Releases iOS 16.1.2 With Carrier Improvements and Crash Detection Optimizations

Wednesday November 30, 2022 10:09 am PST by Juli Clover

Apple today released iOS 16.1.2, another minor bug fix update that comes one week after the release of iOS 16.1.1 and three weeks after the launch of iOS 16.1, an update that added support for iCloud Shared Photo Library, Matter, Live Activities, and more. The iOS 16.1.2 update can be downloaded on eligible iPhones over-the-air by going to Settings > General > Software Update. According…

Apple’s iPhone 14 Emergency SOS via Satellite Feature Saves Stranded Man in Alaska

With the launch of iOS 16.1, Apple rolled out a Emergency SOS via Satellite, which is designed to allow iPhone 14 owners to contact emergency services using satellite connectivity when no cellular or WiFi connection is available. The feature was put to the test in Alaska today, when a man became stranded in a rural area. In the early hours of the morning on December 1, Alaska State Troopers …

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg’s Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple’s new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide…

Man Robbed After Buying 300 iPhones From Apple Fifth Avenue

An unnamed 27-year-old man who purchased 300 iPhones from Apple Fifth Avenue on Monday morning was robbed shortly after leaving the store, according to 1010Wins Radio in New York. He was carrying 300 iPhone 13s in three bags and walking to his car at 1:45 a.m. when another car pulled up next to him. Two men jumped out and demanded that he hand over the bags. Not wanting to hand over 300…

‘M2 Max’ Geekbench Scores Leak Online, Revealing Rumored Specs and Performance

Wednesday November 30, 2022 2:39 am PST by Sami Fathi

Geekbench scores allegedly for the upcoming “M2 Max” chip have surfaced online, offering a closer look at the performance levels and specific details of the forthcoming Apple silicon processor. The Geekbench results, first spotted on Twitter, are for a Mac configuration of with the M2 Max chip, a 12-core CPU, and 96GB of memory. The Mac listed has an identifier “Mac14,6,” which could be…

iPad 10 Teardown Reveals Why Device Isn’t Compatible With Apple Pencil 2

Do-it-yourself repair website iFixit today shared a video teardown of Apple’s new 10th-generation iPad, providing a closer look inside the tablet and revealing why the device lacks support for the second-generation Apple Pencil. The teardown reveals the internal layout of the iPad, including its two-cell 7,606 mAh battery, logic board with the A14 Bionic chip, and more. As suspected, the…

Elon Musk Meets With Apple CEO Tim Cook Amid Claims of Twitter App Store Dispute [Updated]

Wednesday November 30, 2022 12:43 pm PST by Juli Clover

Twitter CEO Elon Musk today met with Apple CEO Tim Cook at the Apple Park campus in Cupertino, California, according to a tweet shared by Musk this afternoon. Musk thanked Cook for taking him around Apple’s headquarters, with no mention of what the two might have discussed. The meeting comes just after Musk on Monday claimed that Apple has “mostly stopped” offering ads on Twitter, and that…

Anker’s Eufy Cameras Caught Uploading Content to the Cloud Without User Consent [Updated]

Anker’s popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. The information comes from security consultant Paul Moore, who last week published a video outlining the issue. According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video…

Apple Announces 2022 App Store Award Winners, Highlighting Best Apps of the Year

Apple today announced its 2022 App Store Award winners, highlighting the 16 best apps and games selected by Apple’s global App Store editorial team. The top apps were chosen by Apple for their quality, innovative technology, creative design, positive cultural impact, and ability to deliver “exceptional experiences.” Apple CEO Tim Cook said: This year’s App Store Award winners reimagined…

Apple Still Has These 5 Things to Release Heading Into 2023

The calendar has turned to December and that means Apple has only one month left to fulfill its promises of releasing an Apple Music Classical app and expanding its self-service repair program to Europe before the end of 2022. Delays are always possible, of course, so the plans could be pushed back to 2023. In any case, we have put together a list of five things that Apple still has to release…