LastPass Breach: Hacker Obtains Decrypted Vault and AWS Encryption Keys

February 28, 2023 By Raulf Hernes

(Image Credit Google)

LastPass, the popular password manager, announced on Monday that a threat actor who had already breached the company's systems earlier this year was able to hack an employee's home computer and access a decrypted vault containing sensitive information. LastPass officials stated that the attacker used a vulnerable third-party media software package to implant keylogger malware that captured the employee's master password after the employee authenticated with multi-factor authentication (MFA). Once the threat actor gained access to the decrypted vault, they exported entries, including the "decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups." This incident occurred between August 12 and August 26, 2021. The employee whose home computer was hacked was one of only four LastPass employees with access to the corporate vault. LastPass officials added that the tactics, techniques, and procedures used in this incident were different from those used in the previous breach that occurred in August 2021. In that instance, the attacker was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. The vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

LastPass initially stated that the attackers only obtained partially encrypted login data, but in October 2021, they confirmed that the hackers obtained both encrypted and plaintext customer data. The backup data contained unencrypted data such as website URLs, usernames and passwords, secure notes, and form-filled data, which had an additional layer of encryption using 256-bit AES. The recent incident highlights the resourcefulness of the threat actor responsible for the LastPass breach. It is concerning that the attacker was able to exploit a vulnerability on an employee's home computer to gain access to sensitive information. The incident also highlights the importance of ensuring that all devices used for work-related activities are secure. Also Read: Ex-Uber security chief found guilty of concealing data breach in 2016 The incident also shows that alerting and logging measures alone may not be sufficient to detect anomalous behavior. LastPass officials said that alerting and logging were enabled during these events, but the behavior did not indicate the anomalous behavior that became clearer in retrospect during the investigation. This highlights the importance of regularly reviewing logs and other security-related data to detect and respond to threats. [caption id="attachment_99831" align="aligncenter" width="1200"]

LastPass[/caption] It's unclear if there is any connection between the LastPass breach and the breach of Plex, a media streaming service that reported its network intrusion on August 24, 2021, just 12 days after the second LastPass breach commenced. The Plex breach allowed the threat actor to access a proprietary database and make off with password data, usernames, and emails belonging to some of its 30 million customers. Representatives of LastPass and Plex did not respond to emails seeking comment on this issue. However, the threat actor behind the LastPass breach has already proven to be highly skilled and resourceful, and it is essential to take precautions to protect your sensitive information. As Ars advised in December 2021, all LastPass users should change their master passwords and all passwords stored in their vaults. Although it's unclear whether the threat actor has access to either, it's better to take preventive measures to ensure the safety of your data.

By Raulf Hernes

If you ask me raulf means ALL ABOUT TECH!!

LastPass Breach: Hacker Obtains Decrypted Vault and AWS Encryption Keys

Walmart's GenAI Search Engine: Challenging Google's Dominance in Retail Search

Introducing the MSI Claw Handheld: Your Ultimate Gaming Companion

Uber Increases In-App Ads, Prompting Mixed Reactions from Customers

Apple's iOS 18: A Leap into the AI Era

Google's Regular Pixel 8 Won't Get Gemini Nano AI

MacBook Air M3 Makes Amends for M2's Storage Blunder

Samsung Unveils the Galaxy M15 5G

Elon Musk's xAI to Open-Source Chatbot Grok

Contra: Operation Galuga - A Modern Run-and-Gun Classic

Musk Confirms X's TV App Arrives This Week

Tech Titan Elon Musk Unveils XMail, Challenging Gmail's Dominance

WhatsApp Stories Get a Makeover: Easier to Catch Up with Friends' Updates!

Cash App Heats Savings Game with 4.5% APY, But Watch the Catches!

Shazam Gets Mind-Reading Headphones?

Artisse AI raises $6.7 million for its 'more realistic' AI photography app.

How to search the web with ChatGPT?