For the second time this year and in just a few months, LastPass confirms that its systems were breached, causing concern for hundreds of thousands of users worldwide who trust it with their valuable passwords.
As LastPass CEO Karim Toubba admitted, the hackers used information they had intercepted in their previous attack to regain access to the company's systems. It is clear that customers' passwords are not at risk because they are encrypted, but they still don't know what kind of information got back into the hands of the attackers.
LastPass has begun investigating the new attack in collaboration with Mandiant, one of the world's leading cyber security companies, and has also notified relevant law enforcement authorities. The company's services continue to function normally for all users, but it's clearly another big blow to its credibility.
During the previous attack last August, hackers gained access through the terminal of a LastPass developer and managed to steal part of the source code, as well as technical information about the service. Even then, LastPass stressed that there was no risk to users' personal data and vaults.