![]() ![]() As far as what can be done now, it's really just about keeping on your toes and not falling prey to phishing attempts. ![]() LastPass also warns that phishing attacks could start becoming more common, in an attempt to catch customers off guard and extract master passwords. LastPass does acknowledge that this is a possibility, but does state that it would be "extremely difficult," as long as the password itself is a complicated one. The bad news is that if the attacker has time, they can go through and try as many passwords as necessary to decrypt the data. As for the good news, the harvested data was encrypted, and does require the user's master password to decrypt. Well, there's some good news and bad news. LastPass also detailed the steps it has taken to strengthen its defenses going forward, including revising its threat detection and making "a multi-million-dollar allocation to enhance investment in security across people, processes, and technology.From here, the attacker was able to access account information like "end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service." Furthermore, customer vault data was obtained, which contained encrypted "website usernames and passwords, secure notes, and form-filled data." So you might be asking yourself, what does this all mean exactly? Apparently, the cloud-based backups accessed during the second breach included "API secrets, third-party integration secrets, customer metadata and backups of all customer vault data." The company insisted that all sensitive customer vault data aside from some exceptions "can only be decrypted with a unique encryption key derived from each user's master password." The company added that it doesn't store users' master passwords. In a support document (PDF) the company released (via BleepingComputer), it detailed the data accessed by the threat actors during the two incidents. To be able to access the data saved in those buckets, the hackers needed decryption keys saved in "highly restricted set of shared folders in a LastPass password manager vault." That's why the bad actors targeted one of the four DevOps engineers who had access to the keys needed to unlock the company's cloud storage. It also admitted that the hackers made off with a bunch of sensitive information, including its Amazon S3 buckets. When the company announced the second security breach in December, it said the bad actors used information obtained from the first incident to get into its cloud service. While the first incident ended on August 12th, the company said in its new announcement that the threat actors were "actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities aligned to the cloud storage environment spanning from August 12th, 2022 to October 26th, 2022." If you'll recall, LastPass revealed in August 2022 that an "unauthorized party" gained entry into its system. This latest update in LastPass' investigation gives us a clearer picture of how the two security breach incidents it went through last year were connected. After they got in, they exported the vault's entries and shared folders that contained decryption keys needed to unlock cloud-based Amazon S3 buckets with customer vault backups. They implanted a keylogger into the software, which they then used to capture the engineer's master password for an account with access to the LastPass corporate vault. Apparently, the bad actors involved in those incidents also infiltrated a company DevOps engineer's home computer by exploiting a third-party media software package. LastPass has posted an update on its investigation regarding a couple of security incidents that took place last year, and they're sounding graver than previously thought. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |