JAKARTA - Lastpass password management services discovered unusual activity, in which "unauthorized" people acquired access to third-party cloud currently shared by LastPass and its affiliate, GoTo.
In a statement given by the CEO of Lastpass, Karim Toubba said that his team is currently conducting an investigation into this matter.
"We will soon launch an investigation involving Mandiant, a leading security firm, and inform law enforcement," said Toubba.
We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. Customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. More info: https://t.co/xk2vKa7icq pic.twitter.com/ynuGVwiZcK
— LastPass (@LastPass) November 30, 2022
Toubba added that the unauthorized party used information stolen from the LastPass system last August to gain access to its customer information.
The company did not say what data the hackers managed to retrieve, but Toubba guaranteed that its customer password remained securely encrypted thanks to the Zero Knowledge LastPass architecture.
While the company is working hard to understand hacking and identify what specific information has been accessed, the LastPass service is still fully functioning.
"As part of our efforts, we continue to implement improved security measures and monitoring capabilities across our infrastructure to help detect and prevent the activities of further threat actors," he explained.
Toubba also promised to continue to provide updates when the company has received further information. This is done because it is in accordance with Lastpass's commitment to security transparency.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)