1 day ago
1
Password manager shaper LastPass is notifying customers that their idiosyncratic accusation and lawsuit enactment lawsuit records were stolen during a caller hack astatine 1 of its exertion partners, marking the company’s latest information breach successful caller years.
In an email shared with TechCrunch from an affected customer, LastPass said the breach occurred astatine marketplace probe steadfast Klue, and not its ain systems. However, hackers abused their entree to get reams of information astir LastPass customers.
LastPass is the latest successful a increasing database of cybersecurity companies that person reported information thefts arsenic a effect of the breach astatine Klue, which the institution disclosed past week. Several different affected companies see HackerOne, Recorded Future, and Tanium.
In a blog post that shared accusation astir the incident, LastPass said the hackers took customers’ names, telephone numbers, email addresses, carnal addresses, arsenic good arsenic lawsuit enactment lawsuit information and sales-related data.
LastPass said the company’s ain infrastructure was unaffected, including customers’ password vaults.
It’s not yet known what was successful the contents of lawsuit enactment tickets, though they apt incorporate fragments of perchance backstage oregon delicate information. Customers typically interaction lawsuit work erstwhile they are having a billing contented oregon request assistance successful gaining entree to their accounts. Past incidents involving lawsuit enactment tickets person included credentials and government-issued individuality documents.
Spokespeople for LastPass did not instantly respond to TechCrunch’s petition for comment, oregon questions astir the incident, including however galore customers are affected by the incident.
LastPass has much than 33 cardinal users and astir 1.6 cardinal paying customers arsenic of 2024, according to its website.
LastPass previously experienced a information breach successful 2022, successful which hackers stole the company’s full store of lawsuit password vaults, which are utilized to store their delicate credentials, specified arsenic passwords, tokens, and different idiosyncratic and recognition paper numbers.
While the vaults were encrypted with maestro passwords lone known to the customer, the breach allowed hackers to brute-force and ace the vaults offline with the weakest maestro passwords, and subsequently entree the secrets inside. Several crypto thefts were aboriginal linked to the LastPass breach, aft hackers were suspected of stealing the victim’s wallet keys by cracking their password vault.
Klue CEO Jason Smith said successful a blog station that the institution identified hackers successful its systems connected June 12. A hacking and extortion radical called Icarus took recognition for the breach, and person publically threatened to merchandise the stolen information if a ransom isn’t paid.
Smith has not responded to TechCrunch’s emails astir the incident, including however galore customers are affected oregon if the institution has been successful interaction with the hackers.
When you acquisition done links successful our articles, we whitethorn gain a tiny commission. This doesn’t impact our editorial independence.
English (US) ·