Two weeks ago, the password manager giant LastPass disclosed its systems were compromised for a second time this year.
Back in August, LastPass found that an employee’s work account was compromised to gain unauthorized access to the company’s development environment, which stores some of LastPass’ source code. LastPass CEO Karim Toubba said the hacker’s activity was limited and contained, and told customers that there was no action they needed to take.
Fast-forward to the end of November, and LastPass confirmed a second compromise that it said was related to its first. This time around, LastPass wasn’t as lucky. The intruder had gained access to customer information.
In a brief blog post, Toubba said information obtained in the August incident was used to access a third-party cloud storage service that LastPass uses to store customer data, as well as customer data for …
