LastPass Announces Second Attack, Resulting in Encrypted Password Vaults Breach

LastPass, the popular password management service, has disclosed a second attack that led to the breach of its encrypted password vaults. The company had earlier revealed a severe data breach in December 2022, where threat actors were able to access encrypted password vaults. The latest attack happened as a result of the same adversary launching a sustained cyber attack that exfiltrated sensitive data from its Amazon AWS cloud storage servers.

LastPass confirmed that one of its DevOps engineers had their home computer breached and infected with a keylogger, enabling the threat actor to access a shared cloud storage environment. The intruders targeted the company's infrastructure, resources, and one of its employees from August 12, 2022, to October 26, 2022, leveraging information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package.

During the second attack, the malicious actor was able to obtain access to the AWS S3 buckets that housed backups of LastPass customers and encrypted vault data. This was made possible through the use of valid credentials stolen from a senior DevOps engineer who had access to the decryption keys needed to access the cloud storage service. The employee's passwords were obtained by targeting their home computer and exploiting a vulnerable third-party media software package, which was not named but thought to be Plex based on its breach in late August 2022.

LastPass did not reveal how recent the backup was, but it confirmed that the encrypted vault data was protected using 256-bit AES encryption. Following the incident, the company upgraded its security posture by rotating critical and high-privilege credentials, reissuing certificates obtained by the threat actor, and applying extra S3 hardening measures to put in place logging and alerting mechanisms.

To learn more about cryptography click here.

LastPass has advised all its users to change their master passwords and all passwords stored in their vaults as a precautionary measure. With these attacks highlighting the need for heightened security, LastPass has assured its customers of its commitment to the security of their data and continued improvement of its security measures to prevent further breaches.

Thank you for reading our blog today. We hope you found the information helpful and informative. If you enjoyed this blog, follow us on Twitter, Instagram, Linkedin, GitHub, Website, and Youtube for more exciting content and updates. If you have any questions or comments, please feel free to reach out to us. We would love to hear from you. Don't forget to share this with your friends and family who may also find this information useful. Thank you for your support and stay tuned for more!