![]() Furthermore, it regularly revokes certificates, requires extra logging and alerting, and started enforcing tougher security policies. Now, post-festum, LastPass said it updated its security posture, and started rotating sensitive credentials and authentication keys and tokens. Consequently, the threat actor was lurking in the company’s storage servers for two months. LastPass suffered a similar breach in 2011. The LastPass team refrained from going into more details of the hack as investigations are still ongoing with the help of authorities and third-party security experts. Notably, in late 2022, user data, billing information, and vaults (with some fields encrypted and others not) were breached, leading many security professionals. "The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups."Īs the attackers were using valid login information, the company’s cybersecurity team did not identify the activity as malicious. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," the company explained. ![]() ![]() Quick test: If you use or have used Lastpass and your master password is known. As LastPass was compromised, so was GoTo. > LastPass and GoTo report possible cyberattack (opens in new tab) The 2022 LastPass data breach is starting to look truly horrendous. LastPass is an independent company, owned by GoTo (an SaaS provider, formerly known as LogMeIn), and while the LastPass breach has garnered the most attention, the initial penetration was of a third-party cloud storage service, which is used by both GoTo and LastPass. LastPass is being sued following major cyberattack (opens in new tab)
0 Comments
Leave a Reply. |