The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company.
The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults by using data siphoned from the earlier break-in.
Also stolen is “basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” the company said.