LastPass Confirms Severe Data Breach: Encrypted Password Vaults Stolen

The August 2022 security breach of LastPass may have been more severe than the company initially disclosed.

What Is LastPass?

LastPass is a password management service that helps users securely store and manage their passwords and other sensitive information. The service offers a variety of features, including the ability to generate strong, unique passwords, auto-fill login information, and automatically log users into websites.

With LastPass, users can store all of their passwords in a secure, encrypted “vault” and access them from any device with an internet connection. The service also allows users to share specific passwords with others and revoke access at any time.

LastPass offers both free and premium subscription plans, with the premium version offering additional features such as multi-factor authentication, emergency access, and the ability to store other types of sensitive information, such as credit card numbers and bank account information.

The service is popular with individuals and businesses alike and is available on a wide range of devices, including computers, smartphones, and tablets.

Data Breach

In August 2022, the company revealed that malicious actors had obtained a trove of personal information belonging to its customers, including their encrypted password vaults.

According to LastPass, the attackers were able to access the company’s source code and proprietary technical information through a single compromised employee account. This allowed them to obtain credentials and keys, which they used to extract information from a backup stored in a cloud-based storage service, separate from the production environment.

In addition to the encrypted password vaults, the attackers also stole “basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

What is AES?

The U.S. government adopted AES (Advanced Encryption Standard) as a standard in 2002 to protect electronic data. Now, it is widely used around the world to secure sensitive information. AES uses a fixed block size of 128 bits and supports key sizes of 128, 192, or 256 bits.

Data Encryption

Its strong security and efficiency make AES a popular choice for encrypting data in various applications, such as secure communication, data storage, and online transactions. It is also relatively fast and easy to implement, making it a practical choice for many organizations.

User Credentials

The stolen vault data is stored in a proprietary binary format that contains both unencrypted and encrypted fields, such as website URLs, usernames and passwords, secure notes, and form-filled data. The encrypted fields are protected with 256-bit AES and can only be decrypted with a key derived from each user’s master password on their own device.

Cloud Storage Container

LastPass stated that no unencrypted credit card data was exposed, because that information was not stored in the breached cloud storage container. However, the company did not disclose how recent the backup was, and warned that the attackers “may attempt to use brute force to guess your master password and decrypt the copies of vault data they took.”

The company also warned that the attackers may target customers with social engineering and credential stuffing attacks, and noted that the likelihood of a brute-force attack guessing a master password is inversely proportional to that password’s strength.
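Why master-password strength matters once the encrypted vault is in an attacker’s hands: the vault key is stretched from the master password, so every offline guess costs the attacker the full key-derivation work. The following example is added here and is not LastPass code; it assumes PBKDF2-HMAC-SHA256 as the key derivation function, and the salt, iteration counts and attacker hash rate are constructed illustrative values, not figures from the article.

```python
import hashlib
import math

# Assumptions (not stated in the article): PBKDF2-HMAC-SHA256 as the KDF,
# a constructed demo salt, and constructed iteration counts.
SALT = b"constructed-salt-for-demo-only"
KEY_LEN = 32  # 256-bit key, matching the AES-256 the article describes


def derive_vault_key(master_password: str, salt: bytes = SALT,
                     iterations: int = 100_000) -> bytes:
    """Stretch a master password into a 256-bit AES key.

    Every candidate password tried against a stolen vault must pass through
    the same `iterations` HMAC rounds, so the count is a direct multiplier
    on the attacker's offline cost.
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password drawn from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def expected_guess_seconds(entropy_bits: float, iterations: int,
                           hmac_per_second: float) -> float:
    """Expected time to recover a master password by offline guessing.

    On average half the keyspace is searched; each guess costs `iterations`
    HMAC-SHA256 computations, so raising iterations slows the attack linearly
    while each extra bit of entropy doubles it.
    """
    expected_guesses = 2 ** (entropy_bits - 1)
    return expected_guesses * iterations / hmac_per_second


if __name__ == "__main__":
    print(derive_vault_key("correct horse battery staple").hex())
    rate = 1e10  # constructed attacker model: HMAC-SHA256 per second, not measured
    year = 365.25 * 24 * 3600
    for iters in (5_000, 100_000, 600_000):
        for length in (8, 16):
            bits = password_entropy_bits(length, 62)  # [A-Za-z0-9]
            years = expected_guess_seconds(bits, iters, rate) / year
            print(f"iterations={iters:>7} length={length:>2} "
                  f"entropy={bits:5.1f} bits -> {years:.2e} years")
```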

Multi-Factor Authentication

LastPass urged its customers to use strong, unique passwords for their accounts and to enable multi-factor authentication for added security. The company also encouraged users to regularly update their passwords and to be wary of phishing attacks.

Workforce Identity Cloud (WIC)

The data breach at LastPass is just the latest in a series of high-profile security incidents affecting companies in the tech industry. In recent days, Okta also announced that threat actors had gained unauthorized access to its Workforce Identity Cloud (WIC) repositories hosted on GitHub and copied the source code.

Robust Countermeasures

These incidents highlight the importance of robust cyber security countermeasures and the need for companies to continuously monitor and update their security systems to protect against potential threats. It is also crucial for companies to be transparent and forthcoming with their customers in the event of a data breach, in order to minimize the impact on their reputation and on customer trust.
