In August of this year, hackers compromised LastPass’ developer environment through a leaked official developer account.Steals LastPass’ source code and know-how. But that leak only happened in the development environment, and did not involve user information and user vaults, so user information was not affected in that incident (click to learn about this incident).

Just three months later, LastPass has suffered another data breach, and this time user data has not been spared.

According to information disclosed by LastPass CEO Karim Toubba and official social media, hackers accessed a third-party cloud storage service used by LastPass and gained access to specific elements of customer information.

LastPass has not disclosed what information the hackers obtained or how many users were affected, but Karim Toubba emphasized that the user’s passwords were not compromised.

We recently detected unusual activity in a third-party cloud storage service that is currently shared by LastPass and its affiliate GoTo. Thanks to LastPass’ Zero Knowledge architecture, users’ passwords are still securely encrypted.

That is, only the user knows their master password, and the encryption only happens at the device level, not the server side.

This incident is not an independent incident, because this incident is related to the data breach in August this year. Karim Toubba stated in the announcement that hackers used information obtained in the August incident this year to finally gain access to user data.

LastPass is currently investigating to understand the scope of the incident and determine which user information was accessed. LastPass products and services are still operating normally. LastPass will deploy enhanced security measures and monitoring capabilities into its infrastructure to help detect and prevent further hacking activity.