Popular password manager software LastPass disclosed on Wednesday that unknown attackers recently breached its cloud storage using information stolen during a previous data breach from August.
Additionally, the company said that the threat actors managed to access customer data stored in the compromised storage service after breaching its systems.
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” the company said in a notice to customers.
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” LastPass added.
The company said that it hired cybersecurity firm Mandiant to investigate the incident and notified law enforcement of the attack.
LastPass also clarified that customers’ passwords were not compromised and “remain safely encrypted due to LastPass’s Zero Knowledge architecture.”
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” the company added.
LastPass also confirmed the data breach in a Twitter post on Wednesday, saying, “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. Customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”
This is the second security incident disclosed by LastPass this year. In August, the company confirmed that its developer environment was breached through a compromised developer account.
LastPass confirmed in an email to customers at the time that hackers stole source code and proprietary technical information from its systems.
However, in a later update, the company revealed that the attackers behind this data breach were able to keep internal access to their systems for four days until being evicted.
LastPass is one of the most popular password managers on the market, claiming to be used by more than 33 million people and 100,000 businesses.