LastPass Cops to Massive Breach Including Customer Vault Data

Dec 23 Dark Reading Staff Dark Reading
I hope you are not using Last Pass
Article (

The follow-on attack from August’s source-code breach could fuel future campaigns against LastPass customers.
Dark Reading Staff Dark Reading

LastPass is a password manager distributed in subscription form as also as a freemium with limited functionality. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones.

LastPass has issued a statement acknowledging that a recent cyberattack has resulted in the theft of customer data, in addition to offering cybercrooks access to encrypted customer vaults.

The attack was a follow-on from a previous breach in August that resulted in the theft of the LastPass source code.

“To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” the company statement said.

LastPass added that a backup copy of encrypted customer vault data was also stolen, including website usernames, passwords, secure notes, and form-filled data.

The company warns customers to be on the lookout for phishing, credential stuffing, and brute-force attacks as a result of the compromise.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”