"This comes just months after LastPass confirmed that hackers had stolen some of its source code in August and had access to LastPass’ internal systems for four days before getting detected. It looks like this new attack is connected, as Loubba says it determined that hackers gained access to user data “using information obtained in the August 2022 incident.”"
Just read it looking for that extra info and not seeing it? the blog post and this article seem to have the identical information in them. The blog post is in a series, so for background on the "four days in august" you can scroll down.
it's certainly not acceptable that all they are saying is "certain elements of our customers’ information." very unacceptable, if it's credit card numbers or home addresses, they have to reveal that. the current language makes it look like they want to hide some kind of very bad news which is worse. Also their August post indicated that the developer account that was compromised had no access to customer data, so why exactly was that wrong.
Perhaps the attacker determined how the software interacts with customer information, by reading the source code, and was able to exploit the information somehow.
The current update fits pretty well exactly on my screen, so I saw no hints that it was a series. After seeing the usual corporate speak and signoff, I assumed that was it.
I went looking in their history of posts for more information on the August incident but couldn't find anything, as the older installments do not show up individually.
"This comes just months after LastPass confirmed that hackers had stolen some of its source code in August and had access to LastPass’ internal systems for four days before getting detected. It looks like this new attack is connected, as Loubba says it determined that hackers gained access to user data “using information obtained in the August 2022 incident.”"
https://www.theverge.com/2022/11/30/23486902/lastpass-hacker...