Security News > 2023 > February > LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information.
"The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," reads a new security advisory published today.
The use of valid credentials made it difficult for the company's investigators to detect the threat actor's activity, allowing the hacker to access and steal data from LastPass' cloud storage servers for over two months, between August 12, 2022, to October 26, 2022.
All sensitive customer vault data, other than URLs, file paths to installed LastPass Windows or macOS software, and certain use casesinvolving email addresses, were encrypted using our Zero knowledge model and can only be decrypted with a unique encryption key derived from each user's master password.
As a reminder, end user master passwords are never known to LastPass and are not stored or maintained by LastPass - therefore, they were not included in the exfiltrated data.
Backup of LastPass MFA/Federation Database - contained copies of LastPass Authenticator seeds, telephone numbers used for the MFA backup option, as well as a split knowledge component used for LastPass federation.