The two 2022 incidents affected both LastPass and its customers. These incidents were not caused by defects in LastPass products or unauthorized access to production systems. Instead, a vulnerability in third-party software was exploited: in each incident it allowed the threat actors to bypass existing controls and access non-production development and backup storage environments.

The threat actor accessed non-production development and backup storage environments and stole source code, technical information, internal LastPass secrets, and both encrypted and unencrypted customer data. The investigation reveals that the data accessed included on-demand, cloud-based development and source code repositories, internal scripts, internal documentation, DevOps secrets, cloud-based backup storage, backups of all customer vault data (encrypted), and a backup of the LastPass multi-factor authentication/Federation Database.

In response, LastPass has taken several actions to secure its systems and customer data. These actions include analyzing cloud-based storage resources, applying additional policies and controls, changing existing privileged access controls, and rotating relevant secrets and certificates. LastPass also shared technical information, Indicators of Compromise (IOCs), and threat-actor tactics, techniques, and procedures (TTPs) with forensic partners and law enforcement.

To date, the identity and motivation of the threat actor remain unknown. There have been no contacts or demands from the threat actors.

LastPass recommends that customers reset their master password and enable multi-factor authentication.