LastPass, a popular password manager, announced that an unauthorized party accessed the company’s archived backups of its production data on a third-party cloud-based storage service. According to the company’s investigation, a threat actor accessed the cloud storage environment in August 2022 with information obtained from an earlier incident.

Although the threat actor did not access customer data in the August incident, some source code and technical information were stolen and used to target another employee. This allowed the threat actor to obtain credentials and keys to access and decrypt storage volumes within the cloud storage service.

According to LastPass, the cloud storage service accessed by the threat actor is physically separate from the production environment. However, the actor copied customer account information, including email addresses, company names, billing addresses, telephone numbers, end-user names, and IP addresses.

The threat actor copied a backup of the production data, including unencrypted data, such as URLs. In addition to the unencrypted data, encrypted sensitive information, like usernames and passwords, secure notes, and form-filled. The data is stored in a proprietary binary format, and the encrypted fields are protected by 256-bit AES encryption. The threat actor can only decrypt them with a unique encryption key. The encryption key is derived from the user’s master password via LastPass’ Zero Knowledge architecture.

The threat actor may attempt to guess customer master passwords using brute force to decrypt copies of vault data they obtained. LastPass has assured its customers that it would be challenging for them to do so because of the encryption methods used to secure the data. However, LastPass advises customers to remain vigilant against brute force, credential stuffing, or other phishing attacks on accounts associated with their LastPass vaults.

The company has taken several steps to address the issue and provide security for its customers. These include revoking the keys accessed by the threat actor, strengthening internal controls, and implementing additional security measures. Furthermore, the company is working with law enforcement and cybersecurity experts to investigate the issue further.

LastPass recommends that all customers follow best practices when creating and managing strong passwords as a precautionary measure. In addition, LastPass customers should remain vigilant and follow the recommended precautions to ensure the security of their personal information.

Related Posts - TKS Blog

TKS Newsletter - 2025 February
Here's our February 2025 Newsletter Read the full PDF version here: The TKS Sentinel - February Issue In this month's edition, we discuss: Work-Specific Tools Windows 11...
Read more
February 3, 202510:01 am
common password mistakes
Password Management Tips For Businesses
Is Your Business Cyber Secure? Passwords are the front line of defense against cyberattacks. Yet, most businesses still struggle with password security—whether it’s employees using weak...
Read more
January 27, 20253:43 pm
password protection in the era of AI
Password Security In The Age Of AI
The AI Threat to Password Security Artificial intelligence is revolutionizing many industries, but it’s also empowering cyber criminals. Recent studies reveal that AI can crack over...
Read more
January 13, 20253:43 pm
tech news updates jan 2025
TKS Newsletter - 2025 January
Here's our January 2025 Newsletter Read the full PDF version here: The TKS Sentinel - January Issue In this month's edition, we discuss: New Tech Tools Malicious...
Read more
January 10, 20253:28 pm

Used with permission from Article Aggregator