LastPass got hacked again, and this time it affects customers

A shoe has dropped following LastPass’s August security breach.

Credit: Dreamstime

It's been a rough year for LastPass. Back in August, the popular password manager suffered a security breach, in which the company's developer environment was infiltrated.

At the time, LastPass said that while part of its source code and proprietary technical info were taken, customers were unaffected.

Now the company has experienced a second related hack, this time impacting customers. As reported Wednesday on its blog, LastPass recently detected unusual activity within a third-party cloud storage service.

An investigation has so far revealed that the breach stemmed from knowledge gained during the August 2022 incident, and that certain elements of customers' information have been accessed. Further information is unavailable, as the investigation is still ongoing. LastPass says that customer passwords remain safely encrypted, however.

If you find this news unsettling despite the service earning recommendations (including ours) for its day-to-day experience, your reaction is a fair one.

LastPass has suffered hacks of its service in previous years, with notable incidents including 2015's unauthorised access of user account email addresses, password reminders, and authentication hashes.

Other security lapses include 2017's browser extension vulnerability, which allowed websites to steal passwords. In 2019, the same security researcher who discovered the 2017 issue also discovered another browser extension vulnerability that allowed the last used password to be leaked.

The company has even made communication bumbles, like security alert emails sent to customers unaffected by a credential stuffing attack. Other top-notch password managers haven't reported nearly as many incidents over the years, and if you're so inclined, you can make a switch to one of them pretty easily.

You can also review the security on your LastPass account, making sure it falls in line with best practices, including using a strong password, enabling two-factor authentication, and keeping a close eye on authorised devices.

But as discomforting as this transparency may be, the underlying issue isn't the general concept of a password manager. They remain a vital part of online security, and you can find ways of making them more comfortable to use, even in the face of security breaches. Don't abandon them outright.

Alaina Yee


PC World