Last Pass experienced data breaches in August and November 2022, which compromised private client data.
According to a statement released by LastPass. The August hack involved the theft of source code and technical data from LastPass’ development environment. Which was then utilised to target a worker. In November 2022, the hacker was able to utilise these credentials and keys to log into LastPass’ third-party cloud storage service. The hostile actor was able to decode a few storage volumes inside the storage service using the keys.
The number of impacted clients has not yet been disclosed.
Following the data’s decryption, the hacker gained access to and copied data from a cloud backup. That contained “basic customer account information and related metadata”. Such as company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The number of impacted clients has not yet been disclosed.
The hacker was also able to copy a backup of customer vault data from the encrypted storage container. Which is stored in a proprietary binary format and contains both unencrypted data, such as website URLs, and fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data,” according to LastPass.
Also read:Tory Lanez found guilty on all charges in shooting of Megan Thee Stallion