LastPass has issued an announcement acknowledging {that a} latest cyberattack has resulted within the theft of buyer knowledge, along with providing cybercrooks entry to encrypted buyer vaults.
The assault was a follow-on from a earlier breach in August that resulted within the theft of the LastPass supply code.
“To date, we’ve decided that when the cloud storage entry key and twin storage container decryption keys have been obtained, the menace actor copied data from backup that contained primary buyer account data and associated metadata together with firm names, end-user names, billing addresses, e-mail addresses, phone numbers, and the IP addresses from which clients have been accessing the LastPass service,” the corporate assertion mentioned.
LastPass added that a backup copy of encrypted buyer vault knowledge was additionally stolen, together with web site usernames, passwords, safe notes, and form-filled knowledge.
The firm warns clients to be looking out for phishing, credential stuffing, and brute-force assaults because of the compromise.