LastPass Details

    LastPass

    Boston, Massachusetts employees • Technology

    Industry

    Technology

    Security Incidents

    1

    LastPass is a password management service that securely stores and encrypts passwords and other sensitive information in a centralized vault. It offers features like auto-filling login credentials, generating strong passwords, and securely sharing passwords with others. LastPass also supports multi-factor authentication and provides seamless access across various devices and platforms.

    Security Incidents

    LastPass Breach of Aug 2022
    Severity Score
    Significant to High

    Type

    Data Breach

    Summary

    In August 2022, LastPass experienced a significant security breach when an unauthorized party gained access to its development environment by compromising a developer's account. The attacker infiltrated the system, stealing portions of source code and proprietary technical information. Despite reassurances that users' master passwords and encrypted vault data were not accessed, the attacker later breached a senior DevOps engineer's home computer using keylogger malware, capturing the employee's master password. This led to the exfiltration of the company's corporate vault, including decryption...

    Severity

    The recent security incident involving LastPass was a significant breach that escalated from an initial intrusion to a more complex and sophisticated attack. The threat actor exploited a third-party software vulnerability on a developer's home computer, enabling them to capture the master password and gain access to a decrypted corporate vault that contained sensitive data including encryption keys for customer vault backups. This failure in defense resulted in a wider exposure of customer information, revealing both encrypted and plaintext data, and indicating a well-coordinated and resour...

    Impact

    The recent cyber incident at LastPass was a sophisticated data breach that significantly impacted both internal and customer data. The attacker obtained partially encrypted login data, and further exploited a home computer belonging to a DevOps engineer, extracting a decrypted vault containing critical encryption keys for customer vault backups stored in AWS S3. This privileged access allowed the threat actor to take customer data including website URLs, usernames, passwords, secure notes, and form-filled data, some of which were encrypted with 256-bit AES. Additionally, the incident compromis...