LastPass Security Incident Update
LastPass, a popular password manager, recently provided an update on a security incident that occurred in August 2022. In this update, LastPass revealed that source code and specific technical information were extracted from their production environment and used to target an employee to obtain the keys to unlock storage volumes in their cloud-based environment. This could lead to threat actors discovering vulnerabilities in clients' software for exploitation or executing cyberattacks on customers.
What is the Threat?
The threat in this incident is the unauthorized access to LastPass's cloud storage, which contains production data and certain metadata of LastPass subscribers. The threat actors copied this data, including basic customer metadata such as company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses of those accessing LastPass services. The customer vault data was also copied, which included both encrypted and unencrypted data, and partial credit card data.
Why is it Noteworthy?
This security incident is noteworthy because LastPass is a widely used password manager that clients rely on to store credentials securely. The fact that threat actors were able to extract source code and technical information from LastPass's production environment is a significant concern for businesses and individuals who use their services.
What is the Exposure or Risk?
All customers of LastPass are potentially at risk from this incident. The copied data includes basic metadata, which could be used for brute forcing and social engineering attacks. A successful attack could lead to a breach of customers' saved credentials and, ultimately, to their theft. Additionally, the customer vault data that was copied included both encrypted and unencrypted data, and partial credit card data. The encrypted data, however, can only be accessed through the user's master password using LastPass's proprietary (Zero Knowledge) architecture, making it less likely that the attacker can access it.
What are the Recommendations?
As a precautionary measure, LastPass recommends that businesses review and update their passwords, review their security measures, and stay vigilant for social engineering attacks on their accounts. It's also important to monitor your accounts for suspicious activity and change any passwords that may have been compromised.
LastPass has also taken steps to mitigate this issue, including rebuilding and hardening their development environment, switching out machines, changing processes, and updating authentication mechanisms. They have also added further security features to their product to improve its overall security.
References:
LastPass Blog: https://www.lastpass.com/blog/2022/08/security-incident-update
LastPass Security Incident Update: https://www.lastpass.com/security-incident-update