LastPass, a premium password manager that stores encrypted passwords online has suffered a major data breach and the subsequent theft of its customers' information on November 30 in a cybersecurity attack. This is the second data breach that the platform has reported this year. However, the company has confirmed that LastPass products and services remain fully functional.


As per the company website, LastPass is used by over 33 million people to secure their passwords. It helps customers from different industry backgrounds log into their business networks, social media platforms, and online retailers, among other areas.


"I wanted to inform you of a security incident that our team is currently investigating," Karim Toubba, CEO of LastPass, said in an official statement. The statement also said that the company "recently detected an unusual activity within a third-party cloud storage service."


Hackers are said to have used the data from a previous incident of hacking to gain access to LastPass' customers' information this time. The company CEO added, "We have determined that an unauthorised party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information."


As the investigations are underway currently, Taubba assured that "customers' passwords remain safely encrypted due to LastPass's zero knowledge architecture."


ALSO READ: Microsoft Teams Gets Ability To Schedule Messages And More


Commenting further on the investigations, he said, "We are working diligently to understand the scope of the incident and identify what specific information has been accessed."


The platform added that it "immediately launched an investigation, and has engaged Mandiant, a leading security firm, and alerted law enforcement." 


ALSO READ: Kanye West's Twitter Account Suspended Again For Posting Star Of David Image With Nazi Symbol Hakenkreuz


In the face of the current data breach, LastPass said, "we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity."