LastPass, which in December 2022 disclosed a critical data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems.
The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated sensitive data from its Amazon AWS cloud storage servers.
“The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to start a coordinated second attack,” the password management company said.

This intrusion targeted the company’s infrastructure, resources, and one of its employees from August 12, 2022 to October 26, 2022. The original incident, on the other hand, ended on August 12, 2022.
The August breach saw the intruders accessing source code and proprietary technical information from its development environment by means of a single compromised employee account.
In December 2022, LastPass revealed that the threat actor leveraged the stolen information to access a cloud-based storage environment and get hold of “specific components of our customers’ information.”
Later in the same month, the unknown attacker was disclosed as having obtained access to a backup of customer vault data that LastPass said was protected using 256-bit AES encryption. It did not divulge how recent the backup was.
GoTo, the parent company of LastPass, also admitted to a breach last month stemming from unauthorized access to the third-party cloud storage service.
Now, according to the company, the threat actor engaged in a new series of “reconnaissance, enumeration, and exfiltration activities” aimed at its cloud storage service between August and October 2022.
“Specifically, the threat actor was able to leverage valid credentials stolen from a senior DevOps engineer to access a shared cloud storage environment,” LastPass said, adding the engineer “had access to the decryption keys needed to access the cloud storage service.”
This allowed the malicious actor to gain access to the AWS S3 buckets that housed backups of LastPass customer and encrypted vault data, it further noted.
The employee’s passwords are said to have been siphoned by targeting the individual’s home computer and leveraging a “vulnerable third-party media software package” to achieve remote code execution and plant keylogger software.
“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault,” LastPass said.
LastPass did not reveal the name of the third-party media software package used, but indications are that it could be Plex, based on the fact that it suffered a breach of its own in late August 2022.
Following the incident, LastPass further said it upgraded its security posture by rotating critical and high-privilege credentials and reissuing certificates obtained by the threat actor, and that it applied additional S3 hardening measures to put in place logging and alerting mechanisms.
LastPass users are highly recommended to change their master passwords and all the passwords stored in their vaults to mitigate potential risks, if not done already.
Some parts of this article are sourced from:
thehackernews.com