Password manager Lastpass provided disturbing new information about a security incident that occurred in August 2022. On this occasion, details were provided that show that customer information has been compromised in this incident, so the reliability of the company is in jeopardy.
Since the security incident occurred last year, Lastpass has been providing information about it but it wasn’t until now that it acknowledged that there was customer information that has been at risk, as hackers accessed encrypted password vaults.
The relevance of the recognition that sensitive information was compromised lies in the fact that Lastpass is one of the most important and widely used password managers. Not only is it very worrying that customer information has been compromised, but it also raises concerns about the security measures the company has in place to protect sensitive information such as passwords.
The company said it has implemented new procedures to improve security and new alerts to prevent such an incident from happening again.
What was the Lastpass security incident?
According to Lastpass, the attack consisted of two stages. First, the personal computer of an employee who had access to encrypted keys to access a cloud storage environment was accessed. This first entry was achieved through a third-party software vulnerability that allowed the keylogger malware to be deployed to monitor the movements of the Lastpass engineer.
After this, they were able to obtain the master password to access the corporate vault and get hold of the keys to access different cloud backups. The second stage of the security hack occurred in December where cybercriminals accessed these critical database backups using the credentials hacked in August. In addition to this, the attackers obtained a backup copy of data directly from the customer vault, although it was not made clear how up-to-date that copy was.
The criminals obtaining the valid credentials posed a real problem because investigators could not differentiate the legal activity of Lastpass employees from that carried out by the cybercriminals. Security alerts noticed something strange when they tried to use the security credentials for unauthorized activities.
What should users who use Lastpass do?
For the time being, Lastpass users should modify the passwords they have stored, in addition to the master password that gives them access to them, in order to prevent unauthorized access and information theft. Surely there will be many who will migrate their information to another password manager, especially with the recognition of Lastpass that there was a breach of sensitive information.
Undoubtedly, this cyber attack hits the credibility of this popular password manager. In addition to this breach, Lastpass has suffered at least seven major security breaches in recent years, so many security researchers are recommending getting rid of Lastpass in the face of these incidents, even before new information about the August incident became available.