In a December 22 update, LastPass has confirmed how a threat actor was able to “access and decrypt some storage volumes” from a cloud-based storage service, physically separate from the LastPass production environment. The problem is that this service stored backups, including backups of customer vault data.
![](https://happygeek.com/wordpress/wp-content/uploads/2019/09/passsword-210919.jpg)