LastPass - Notice of Recent Security Incident

UPDATE 11/30/22

This advisory has been updated with additional information from LastPass regarding a recent security incident with their affiliate, GoTo. No customer passwords were exposed as part of this incident. Additional information can be found at their blog post below:

https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/

 

UCLA Information Security is aware of the press release shared by LastPass on 08/25/2022 regarding a recent security incident that impacted one of LastPass’ development environments which led to the exfiltration of portions of their source code and proprietary LastPass technical information. 

LastPass has published additional information regarding this incident at the blog post below, along with an FAQ with current guidance:

https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/

Per the FAQ, LastPass has indicated no end-user or customer action is required at this time as there is no indication that Master Passwords, personal information, and/or vault data have been compromised or exposed. UCLA Information Security is in contact with the campus LastPass account representatives to continue monitoring the situation, and will share any additional updates as they are released.

If you have any questions or concerns, please contact us at security@ucla.edu.