LastPass has issued an announcement acknowledging {that a} latest cyberattack has resulted within the theft of buyer information, along with providing cybercrooks entry to encrypted buyer vaults.
The assault was a follow-on from a earlier breach in August that resulted within the theft of the LastPass supply code.
“So far, we have now decided that after the cloud storage entry key and twin storage container decryption keys have been obtained, the menace actor copied data from backup that contained primary buyer account data and associated metadata together with firm names, end-user names, billing addresses, e-mail addresses, phone numbers, and the IP addresses from which prospects have been accessing the LastPass service,” the corporate assertion stated.
LastPass added that a backup copy of encrypted buyer vault information was additionally stolen, together with web site usernames, passwords, safe notes, and form-filled information.
The corporate warns prospects to be looking out for phishing, credential stuffing, and brute-force assaults on account of the compromise.