LastPass reports that a second attack on its system has happened.
As a reminder, in December of the last year, LastPass had a severe data breach which apparently gave access to encrypted vaults of their users as well as customers' information.
Now, the company has stated that one of its DevOps engineers had their personal home computer breached and infected with a keylogger and that provided access to a shared cloud storage environment (AWS S3 bucket) that housed backups of LastPass customer and encrypted vault data.
Overall, LastPass customers may have been affected in varying degrees, as there was a lot of stolen data, ranging from multifactor authentication (MFA) seed to customer metadata and backups.
Here you can find what information has been stolen so far (as reported by the company) https://support.lastpass.com/help/what-data-was-accessed
Have a nice day.
Sources:
https://web.archive.org/web/2/https://thehackernews.com/2023/02/lastpass-reveals-second-attack.html
https://xakep.ru/2023/02/28/lastpass-breach/
https://support.lastpass.com/help/what-data-was-accessed
As a reminder, in December of the last year, LastPass had a severe data breach which apparently gave access to encrypted vaults of their users as well as customers' information.
Now, the company has stated that one of its DevOps engineers had their personal home computer breached and infected with a keylogger and that provided access to a shared cloud storage environment (AWS S3 bucket) that housed backups of LastPass customer and encrypted vault data.
Overall, LastPass customers may have been affected in varying degrees, as there was a lot of stolen data, ranging from multifactor authentication (MFA) seed to customer metadata and backups.
Here you can find what information has been stolen so far (as reported by the company) https://support.lastpass.com/help/what-data-was-accessed
Have a nice day.
Sources:
https://web.archive.org/web/2/https://thehackernews.com/2023/02/lastpass-reveals-second-attack.html
https://xakep.ru/2023/02/28/lastpass-breach/
https://support.lastpass.com/help/what-data-was-accessed
