"LastPass, GoTo Announce Security Incident"

LastPass and its affiliate GoTo (formerly LogMeIn) announced a security incident and, in the case of LastPass, a possible data breach. According to GoTo CEO Paddy Srinivasan, unusual activity was discovered within their development environment and third-party cloud storage service. It was also revealed that GoTo, a cloud-based Software-as-a-Service (SaaS) provider of remote work collaboration and Information Technology (IT) management tools, and LastPass, the company behind the popular password manager of the same name, share the third-party cloud storage service. Both companies are working with Mandiant to help their internal teams investigate the problem and have notified law enforcement. Furthermore, both companies' products and services continue to function normally. Although GoTo does not mention the compromise of any information, LastPass CEO Karim Toubba said their preliminary investigation has revealed that an unauthorized party was able to gain access to certain elements of their customers' information using information obtained in the August 2022 incident. The customers' passwords are said to remain safely encrypted due to LastPass's Zero Knowledge architecture. He was referring to an incident in August 2022 that resulted in a breach and the exfiltration of portions of source code as well as some proprietary LastPass technical information. This article continues to discuss the security incident announced by LastPass and GoTo. 

Help Net Security reports "LastPass, GoTo Announce Security Incident"