“There is no evidence that any unencrypted credit card data was accessed.” The threat actor was also able to copy a backup of customer vault data from the encrypted storage container, which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data, he added. “To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass services,” Toubba wrote. In an update on the investigation, Toubba stated source code and technical information stolen from the LastPass development environment were used to target an employee and obtain credentials/keys, which were used to access and decrypt some storage volumes within a cloud-based storage service. December 22, 2022: LastPass confirms theft of source code and technical information “In addition, ensuring you have two-factor authentication on any applications with passwords in LastPass and changing passwords will provide the utmost level of security,” Iellin added. Iellin urged users to stay vigilant for updates from the company and to take time to verify these were legitimate before taking any action. ![]() This ensures things like cloud storage and backup access keys cannot be reused.” Exactly what this information is remains unclear, but typically it’s best practice after suffering a breach for the organization to generate new access keys and replace other compromised credentials. “The company has admitted the threat actor gained access using information obtained in the previous compromise. Yoav Iellin, senior researcher at Silverfort, stated that given the vast number of passwords LastPass protects globally, it remains a big attack target. ![]() ![]() Users were advised to follow best practices around the setup and configuration of LastPass.ĭecember 1, 2022: Researcher urges LastPass customers to stay vigilant In the meantime, we can confirm that LastPass products and services remain fully functional,” he added. “We are working diligently to understand the scope of the incident and identify what specific information has been accessed. The company determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain customers’ information, Toubba said, while stating that passwords remained safely encrypted due to LastPass’s Zero Knowledge architecture. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” Toubba wrote. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. LastPass notified users of a new security incident that its team was investigating. November 30, 2022: LastPass notifies customers of new security incident Our products and services are operating normally.” “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. LastPass CEO Karim Toubba wrote to inform LastPass users that the company had detected unusual activity within portions of the LastPass development environment. August 25, 2022: LastPass detects “unauthorized” access Here is a timeline of the most recent LastPass data breaches from August to present. The security incident was the latest to affect the service in recent times in the wake of unauthorized access to its development environment in August last year, serious vulnerabilities in 2017, a phishing attack in 2016, and a data breach in 2015. While LastPass claims that users’ passwords remain safely encrypted, it admitted that certain elements of customers’ information have been exposed. ![]() On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |