LastPass says a security breach in August has led to the exposure of customer information.
The password manager lets users store private passwords that are encrypted and accessed through a master password, similar to 1Password and Bitwarden.
The company has changed its original tone after initially stating no customer information was compromised.
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” Karim Toubba, LastPass CEO, said in a blog post.
The company launched an investigation, engaged a security firm, and informed law enforcement.
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”
While Toubba said passwords remain encrypted, the company continues to investigate the scope of the breach.
Source: LastPass