Security News > 2023 > February > LastPass breach: Hacker accessed corporate vault by compromising senior developer’s home PC

LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company's third-party cloud storage service that hosted backups: "The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack."

The second incident went initially unnoticed, LastPass says, the tactics, techniques, and procedures and the indicators of compromise of the second incident "Were not consistent with those of the first." It was only later determined that the two incidents were related.

"The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources," the company explained.

"The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups," LastPass added.

LastPass has yet to publish an official post about this incident - we only know all this now because the company began notifying its business customers on the quiet and the information was leaked.

A copy of the notification is available here, and points both Business and Teams customers and LastPass Free, Premium, and Families Customers to recommended best practices and actions that they should take to protect themselves and their organization from the possible fallout of this breach.

News URL

https://www.helpnetsecurity.com/2023/02/28/lastpass-breach-corporate-vault/