LastPass Breach… Is Your Data Safe?

As you may have heard, LastPass has been breached for the second time in three months. It is suspected that the second attack was by the same bad actor as the first, using information acquired during the initial breach.

Back in August 2022, LastPass said that an unauthorized party “gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information” and that their security measures “prevented the threat actor from accessing any customer data or encrypted password vaults.”

LastPass posted a security notice about this latest incident, saying: “We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”

In an interview, LastPass CEO Karim Toubba said, “We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.”

LastPass available on Windows, MacOS, and mobile devices. Source: LastPass.com



According to LastPass, customer data was accessed by the attacker; however, user data is encrypted. The end user’s LastPass password is an integral part of that encryption process. This means that even LastPass should not have the ability to decrypt user data stored on their service.

How to protect yourself?

LastPass recommends (and has done so for a very long time) that all users turn on multi-factor authentication for account access. This will effectively eliminate the risk of unauthorized access to customer data.


It is also recommended not to allow the LastPass mobile app or browser plug-ins to remember your password, as this creates a major vulnerability if anyone else gains access to that computer or mobile device.

Permanent link to this article: https://www.robertborges.us/2022/12/news/lastpass-breach-is-your-data-safe/