LastPass Suffers Second Major Data Breach in Four Months

LastPass says the breach did not compromise the passwords of 33 million company users and over 100,000 business accounts.

December 2, 2022

On Wednesday, LastPass confirmed it was breached again, a consequence of the August 2022 incident in which portions of source code and some proprietary LastPass technical information were compromised. The recent breach came to light after the company noticed unusual activity in a third-party cloud storage service it shares with GoTo, its parent company.

In a blog post, LastPass CEO Karim Toubba said the still unknown threat actors accessed “certain elements” of the password manager’s customer information. Toubba didn’t talk about the type of information that was compromised but assured that the passwords of more than 33 million company users and more than 100,000 business accounts remain unaffected.

The August 2022 breach, in which the hackers had access to LastPass systems for four days, compromised the source code and some proprietary technical information. Which of the previously compromised data the threat actors used to breach LastPass again is unknown.

“Since the company claims that the current hack is based on data compromised in the previous hack, this raises the question: Why did they not learn from the earlier hack and correct the root cause?” Mike Walters, VP of vulnerability and threat research at Action1, told Spiceworks. “The trend of repeated hacks, where the company fails to eliminate the consequences of the breach for months, is frustrating.”

In both LastPass breaches this year, the threat actors failed to access customer passwords thanks to the Zero Knowledge security model LastPass has implemented, under which no one except the customer has access to the password or any other data stored in the company’s digital vault.

The password manager solutions vendor is working with Mandiant to ascertain the precise reason behind the hack. “We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Toubba said. LastPass’s previous August 2022 breach came through a compromised developer account that had access to the company’s developer environment.

Walters added, “To avoid this mistake, you should take decisive steps to investigate the security incident, as well as to find and fix any and all security vulnerabilities. Namely, carefully examine the investigation report and conduct an in-depth analysis of all architectural issues. Implement robust network segmentation and complete visibility into network traffic and user behavior. Ensure you receive alerts about any abnormal events.”

“Also, validate that your IDS/IPS, Endpoint Protection, EDR, NGFW, Sandbox, Honeypot, and RMM systems are in place and fine-tuned according to your business needs. Finally, you need to have a SOC center for incident response.”


Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis

An earnest copywriter at heart, Sumeet is what you'd call a jack of all trades, rather techs. A self-proclaimed 'half-engineer', he dropped out of Computer Engineering to answer his creative calling pertaining to all things digital. He now writes what techies engineer. As a technology editor and writer for News and Feature articles on Spiceworks (formerly Toolbox), Sumeet covers a broad range of topics from cybersecurity, cloud, AI, emerging tech innovation, hardware, semiconductors, et al. Sumeet compounds his geopolitical interests with cartophilia and antiquarianism, not to mention the economics of current world affairs. He bleeds Blue for Chelsea and Team India! To share quotes or your inputs for stories, please get in touch on sumeet_wadhwani@swzd.com