casintelligence.blogg.se

Last pass data breach

LastPass: New Details Emerge from Second Security Breach of 2022

Category: Data Breach | Industry: Technology | Level: Strategic | Source: LastPass

LastPass provided additional details about a "coordinated secondary breach," during which an unauthorized actor gained entry into and exfiltrated data from the company's Amazon AWS cloud storage servers for over two months. The threat actors leveraged data obtained from the first breach in August 2022 to access, collect, and exfiltrate data from August 12th, 2022, to October 26th, 2022. Part of the stolen data included partially encrypted password vault data and customer information.

The threat actors became aware that only four LastPass DevOps engineers possessed access to decryption keys; they then proceeded to focus on one of the engineers. This resulted in the installation of a keylogger on the DevOps engineer's home workstation following the exploitation of a remote code execution vulnerability in third-party software. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gained access to the DevOps engineer's LastPass corporate vault," as detailed in LastPass's security advisory. "The threat actor then exported the native corporate vault entries and content of shared folders, containing encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups."

Initially, LastPass had difficulty discerning the threat actors' activity during its investigation because they used valid credentials; however, AWS GuardDuty alerts flagged the anomalous activity.

Although LastPass has since enhanced its security measures by implementing credential and authentication key/token rotations, certificate revocation, increased logging and alerting, and the enforcement of more stringent security protocols, a large volume of data has been compromised. The data exposed in the breach includes DevOps secrets, configuration data housed in cloud-based backup storage containing third-party integration secrets, a backup of the LastPass MFA/Federation Database, which includes Multi-Factor Authentication (MFA) seeds, and Split Knowledge Component ("K2") keys for Federated business clients.

I want to share with you an important update about the security incident we disclosed on December 22, 2022.
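
The text notes that the intruder's use of valid credentials hid the activity until anomaly alerts fired. As an added illustration (not code from the original page or from LastPass, and not how GuardDuty is implemented), this Python example compares CloudTrail-style S3 events against a per-principal baseline; the ARNs, IP addresses, bucket names and the `read_threshold` value are constructed assumptions.

```python
from collections import Counter, defaultdict

def ev(arn, ip, name, bucket):
    """Record shaped like a CloudTrail S3 data event (constructed sample data)."""
    return {"userIdentity": {"arn": arn}, "sourceIPAddress": ip,
            "eventName": name, "requestParameters": {"bucketName": bucket}}

# Hypothetical principals, documentation-range IPs and made-up bucket names.
SVC = "arn:aws:iam::111122223333:user/backup-svc"
ENG = "arn:aws:iam::111122223333:user/devops-eng"
BASELINE = ([ev(SVC, "198.51.100.10", "PutObject", "example-prod-backups")] * 20
            + [ev(ENG, "203.0.113.7", "GetObject", "example-app-config")] * 5)
WINDOW = ([ev(SVC, "198.51.100.10", "PutObject", "example-prod-backups")] * 3
          + [ev(ENG, "203.0.113.7", "GetObject", "example-app-config")] * 2
          # Same valid identity, unfamiliar address, reading backups in bulk.
          + [ev(ENG, "192.0.2.44", "GetObject", "example-prod-backups")] * 40)

def build_baseline(events):
    """Per principal: source IPs and (action, bucket) pairs seen historically."""
    base = defaultdict(lambda: {"ips": set(), "access": set()})
    for e in events:
        seen = base[e["userIdentity"]["arn"]]
        seen["ips"].add(e["sourceIPAddress"])
        seen["access"].add((e["eventName"], e["requestParameters"]["bucketName"]))
    return base

def detect(baseline, window, read_threshold=10):
    """Return {principal: reasons} for activity the baseline never contained."""
    findings, new_reads = defaultdict(set), Counter()
    for e in window:
        arn = e["userIdentity"]["arn"]
        known = baseline.get(arn)
        if known is None:  # identity never observed during the baseline period
            findings[arn].add("principal-not-in-baseline")
            continue
        if e["sourceIPAddress"] not in known["ips"]:
            findings[arn].add("new-source-ip")
        access = (e["eventName"], e["requestParameters"]["bucketName"])
        if access not in known["access"]:
            findings[arn].add("new-action-on-bucket")
            new_reads[arn] += e["eventName"] == "GetObject"
    for arn, count in new_reads.items():
        if count >= read_threshold:
            findings[arn].add("bulk-read-outside-baseline")
    return {arn: sorted(reasons) for arn, reasons in findings.items()}

if __name__ == "__main__":
    for arn, reasons in detect(build_baseline(BASELINE), WINDOW).items():
        print(arn, reasons)
```

Authentication succeeds for every event in the sample, so only the comparison against prior behaviour separates the bulk backup reads from routine use of the same identity.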







