News & Resources

Recent Postings on Password Manager Security Breaches

Wired: The LastPass Hack Somehow Gets Worse

Wired: The LastPass Hack Somehow Gets Worse

The Catastrophic LastPass Breach Was Even Worse Than It Seemed

In December, the password-manager maker LastPass revealed that an August breach it had disclosed at the end of November was worse than the company originally thought, compromising encrypted copies of some users’ password vaults, on top of other personal information. Now, the company has disclosed a second incident that began in mid-August and allowed attackers to rampage ...

Read More...
Help Net Security: LastPass breach: Hacker accessed corporate vault by compromising senior developer’s home

Help Net Security: LastPass breach: Hacker accessed corporate vault by compromising senior developer’s home

LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company’s third-party cloud storage service that hosted backups: “The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package ... 

Read More...
Forbes: Why You Should Stop Using LastPass After New Hack Method

Forbes: Why You Should Stop Using LastPass After New Hack Method

LastPass has, for the longest time, been one of the big names when it comes to password managers. Unfortunately, with a registered user base of over 25 million, it's also a big target for cybercriminals. Indeed, LastPass has quite the history of security incidents stretching back to 2011 when all users were requested to change their master passwords following a network traffic anomaly. I have always defended LastPass ...

Read More...
Kiplinger: LastPass Suffers New Data Breach. Is Your Account at Risk?

Kiplinger: LastPass Suffers New Data Breach. Is Your Account at Risk?

Update: LastPass' data breach woes continue...In a March 1 update(opens in new tab), LastPass announced that the hacker behind the previous breach (August 2022) has hacked a senior engineer’s home computer and obtained access to a critical corporate vault available to only four top employees. 

The vault gave the hacker access...

Read More...

CBS News: (2015) LastPass password manager hacked

CBS News: (2015) LastPass password manager hacked

LastPass, a password manager, revealed Monday that it had been the target of a hack that compromised account email addresses and several security elements used to encrypt user data.

"We are confident that our encryption measures are sufficient to protect the vast majority of users," the company said in a statement. "Nonetheless, we are taking additional measures to ensure that your data remains secure."

Read More...