December 23, 2022 | Ravie Lakshmanan | Password management / data breach

The LastPass security breach in August 2022 may have been more serious than the company previously disclosed.

On Thursday, the popular password management service clarified that malicious actors used data siphoned from the earlier intrusion to obtain a trove of personal information belonging to its customers, including encrypted password vaults.

Among the stolen data, the company said, was "basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service."

The August 2022 incident, which is still under investigation, involved malicious actors accessing source code and proprietary technical information from a development environment via a single compromised employee account.


LastPass said this allowed an unidentified attacker to obtain credentials and keys that were then used to extract information from backups stored on a cloud-based storage service.

The attackers also copied a backup of customer vault data from the encrypted storage container. That data is stored in a "proprietary binary format" that contains both unencrypted data, such as website URLs, and fully encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data.

According to the company, these encrypted fields are protected with 256-bit AES encryption and can only be decrypted with a key derived from the user's master password on the user's device; the master password itself is never sent to LastPass.

LastPass also said that unencrypted credit card data was not exposed by the breach, as that information is not archived in the cloud storage container that was accessed.

The company did not say how recent the backups were, but warned that the threat actor "may attempt to use brute force to guess your master password and decrypt the copies of vault data they took," and that customers may also be targeted with phishing, social engineering and credential stuffing attacks.

It is worth noting that the likelihood of a brute-force attack succeeding is inversely proportional to the strength of the master password: the easier a password is to guess, the fewer attempts it takes to crack it. Because the attacker holds a copy of the vault, the guessing is entirely offline, so account lockouts, rate limiting and multi-factor authentication on the LastPass login do nothing to slow it down; only the master password's strength and the cost of the key derivation do.

"If you reuse your master password and that password was ever compromised, a threat actor may use dumps of compromised credentials that are already available on the Internet to attempt to access your account," the company said.

The fact that website URLs are stored in plaintext means that an attacker can see which websites a given user has accounts on without cracking the master password at all, which is enough to launch targeted phishing and credential-theft attacks against those accounts.

The company further said it had notified a small subset (less than 3%) of its business customers to take certain, unspecified actions based on their account configuration.

The development comes days after Okta admitted that attackers gained unauthorized access to its Workforce Identity Cloud (WIC) repository hosted on GitHub and copied the source code.


Copyright © All rights reserved. | Blue Training Academy Blog