The customer database contained unencrypted information. Group names, encrypted sharing keys, encrypted super admin sharing key. Secure notes name, folder, attachment file name, attachment, encrypted attachment encryption key, note content. Site name, site folder, site username and history, site password and history, site note content, encrypted TOTP secret, custom fillable form-field, custom fillable form-field content. These are not "representative of the complete assembled 'vaults' that are rendered as human-readable form within each customer's LastPass client". BLOBs contain encrypted and decrypted data according to LastPass. The data is stored in aggregated format, BLOBs, which consist "of collections of binary strings separated into designated sections". In a second support document, LastPass confirms that the threat actor was able to copy LastPass customer vault data backups for five different dates: August 20, 2022, August 30, 2022, August 31, 2022, September 8, 2022, and September 16, 2022. Data from those backups included "system configuration data, API secrets, third-party integration secret, and encrypted and unencrypted LastPass customer data". The vulnerability was used to deploy malware, bypass controls and gain access to cloud backups. The threat actor used information obtained during the first hack to target "a senior DevOps engineer", again by exploiting vulnerable third-party software, according to LastPass' post. LastPass deployed additional security technologies and controls in response to the incident, removed the development environment and created it anew from scratch, and "rotated all relevant cleartext secrets" and exposed certificates. Customer data or vault data was not obtained during the first hack. They managed to copy source code data, technical information and "certain LastPass internal system secrets".
According to LastPass, the corporate laptop of a software engineer was compromised; this allowed the threat actor to gain access to a cloud-based development environment. The summary of the first incident provides details on what happened. The threat actor used a vulnerability to gain access to non-production development and backup storage environments. LastPass reiterates that the two hacks were not "caused by any LastPass product defect or unauthorized access to - or abuse of - production systems". The information is available here, but there is no blog post or official announcement about it yet on the site. LastPass confirms now that it has completed the investigation of the 2022 hack of its infrastructure. Users were asked to change all their passwords stored by the service at once, as the threat actors had all they needed in their possession to decrypt password vaults and gain access to all stored passwords. This included user vault data, which contained all the stored passwords, notes and other private information of LastPass customers. In that second hack, customer data was stolen. What looked like a minor incident at first resulted in a second breach later in 2022. The company confirmed that it suffered a security breach in August 2022.