The developers of the LastPass security app and service say that it is investigating a new security incident leading to some user data theft, just three months after the last one.
LastPass is one of the most high-profile apps and services for keeping users' passwords safe. The company has openly disclosed a new security investigation that stemmed from the one in August 2022.
"We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," wrote Karim Toubba, LastPass CEO, in a blog post. "We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement."
"We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information," continued Toubba. "Our customers' passwords remain safely encrypted due to LastPass's Zero Knowledge architecture."
"We are working diligently to understand the scope of the incident and identify what specific information has been accessed," Toubba says.
The company advises that users keep their LastPass apps updated. It also offers general best practice guidelines online.
This incident follows a year after LastPass members reported that their master passwords appeared to have been hacked. At the time, LastPass told AppleInsider that there had been no security compromise, and it believed hackers were using passwords culled from "third-party breaches related to other unaffiliated services."