LastPass noticed some unusual activity within a third-party cloud storage service that is shared by LastPass and affiliate GoTo. According to Fox News, "CEO Karim Toubba said the company recently detected unusual activity within a third-party cloud storage service that is shared by LastPass and affiliate GoTo.

He said an investigation was immediately launched into the incident by security firm Mandiant and that law enforcement had been alerted."

They also said, "Password manager LastPass announced Wednesday it had suffered its second data breach in three months."

Mike Walters, VP of vulnerability and threat research at Action1, told Spiceworks. “The trend of repeated hacks, where the company fails to eliminate the consequences of the breach for months, is frustrating.”

 

How to avoid data breaching

 

Walters said, “To avoid this mistake, you should take decisive steps to investigate the security incident, as well as to find and fix any and all security vulnerabilities. Namely, carefully examine the investigation report and conduct an in-depth analysis of all architectural issues. Implement robust network segmentation and complete visibility into network traffic and user behavior. Ensure you receive alerts about any abnormal events.”

“Also, validate that your IDS/IPS, Endpoint Protection, EDR, NGFW, Sandbox, Honeypot, and RMM systems are in place and fine-tuned according to your business needs.  Finally, you need to have a SOC center for incident response.”

 

The company's response

 

Toubba said, "We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

"In the meantime, we can confirm that LastPass products and services remain fully functional,”

According to The Edge Markets, "The company recommended that its users "follow our best practices around setup and configuration", including setting up multi-factor authentication."

For more updates on security industry, click here.