![]() However, no other user-protected information was compromised in this incident. A breach reportedly encompasses millions of user accounts, including master passwords for the service and: email addresses, encrypted passwords, API keys, site data, and authentication tokens. The LastPass team is notifying all users of an incident that resulted in a security breach of their platform and data. Keep your LastPass account safe by changing your master password and creating a new unique one-time recovery key. More information to come in the coming weeks. GoTo, the parent company of LastPass, in January confirmed a threat actor exfiltrated encrypted backups and an encryption key from the same storage vault that it shares with LastPass.A security breach has been discovered within the LastPass password manager service. The intrusion allowed the threat actor to exfiltrate corporate vault entries and shared folders, which contained encrypted notes with access and decryption keys needed to access the company’s AWS production backups, resources and some critical database backups, the company said.įour months after the initial breach, as 2022 came to a close, LastPass said customer data, including encrypted passwords, usernames and form-filled data was significantly compromised by the attack. ![]() “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.” “The threat actor targeted one of the four DevOps engineers who had access to the decryption keys needed to access the cloud storage service,” LastPass said.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |