LastPass confirmed another security breach compromised user data, marking the second major incident at the password manager in recent years. The company is investigating the scope of the breach and notifying affected customers.
LastPass disclosed the breach following unauthorized access to its systems. The company has not yet detailed which specific customer information was exposed, but previous incidents at the service have included master passwords and encrypted vault data.
In other security news this week:
Microsoft Infrastructure Takedown: Microsoft coordinated with law enforcement to dismantle infrastructure used by a major infostealer malware operation, disrupting campaigns targeting thousands of organizations globally.
Bolton Guilty Plea: Former National Security Advisor John Bolton pleaded guilty to charges related to retaining classified materials without authorization, resolving his legal case stemming from an investigation into mishandled government documents.
LastPass users are advised to change passwords and monitor accounts for suspicious activity. Security experts continue recommending password managers as essential tools despite breaches, emphasizing the importance of strong master passwords and two-factor authentication across accounts.
Two teenagers have been sentenced to five and a half years each for breaking into Transport for London's core IT systems in 2024. The breach exposed data belonging to millions of commuters and forced 27,000 TfL staff to reset passwords.
Mozilla research found that period tracker Stardust shares users' health data with an analytics company, revealing significant privacy gaps among menstrual health apps. The findings highlight inconsistent data protection practices across the category.
Traditional security workflows designed for human-speed operations are inadequate for AI agents, requiring organizations to rebuild defenses around live identity foundations and customizable threat responses.