Note: This is not a new breach of LastPass' systems, but rather the sharing of additional details from their investigation into the incident they publicly disclosed on December 22, 2022.

On February 27, 2023, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022.

According to their notice, the threat actor used information obtained in an earlier (August 2022) data breach to target an employee and obtain credentials and keys used to decrypt storage volumes within their cloud-based storage service.

LastPass has now disclosed that the threat actor used the information stolen in their first breach to target a senior DevOps engineer at the company with malware, which ultimately allowed them to access the engineer's corporate vault.

This access allowed the threat actor to pivot and gain additional access to LastPass production backups, which included unencrypted and encrypted customer data.

According to LastPass, the encrypted data remains secured and can only be decrypted with a unique key derived from a user's master password.

Encrypted data includes usernames and passwords, secure notes, and form-filled data; however, unencrypted data includes website URLs, which are likely the URLs tied to the stored usernames and passwords.

LastPass has also now disclosed that the threat actor accessed copies of LastPass Authenticator seeds, telephone numbers used for the MFA backup option (if enabled), as well as a split knowledge component (the K2 key) used for LastPass federation (if enabled). This database was encrypted, but the separately stored decryption key was included in the secrets stolen by the threat actor during the second incident.