The data breach which hit password manager LastPass this August was more serious than earlier perceived, and involved customer passwords being stolen, the company admitted in a latest update on the situation.
In the August hack, the company claimed that a threat actor gained internal access to its systems for a period of four days, and was able to steal a portion of the password manager’s source code as well as technical information. After conducting an investigation, the company saw “no evidence” that the hacker was able to access customer data or encrypted password vaults, the firm initially claimed. But in its update on Dec. 22, the company admitted to customer data being affected by the breach.
