LastPass Hackers obtained customer data vaults in recent data breach

LastPass, a popular password manager, admitted to a data breach in August 2022, during which hackers gained access to their names, addresses, and data vaults.

In a nutshell, LastPass concluded that the attackers were successful in installing malware on the computer of a developer. However, LastPass has changed its tune, stating that the cloud storage service is now used to store archived backups of production data.

“To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” a LastPass blog post reads.

The hacker also made a copy of customer vault data, which is “stored in a proprietary binary format,” according to the company. Some vault data is not encrypted, such as website URLs. Other information, such as usernames and passwords, is “secured with 256-bit AES encryption,” according to the company, and cannot be decrypted by hackers.

While the company claims that the hackers would be extremely unlikely to decrypt the data, it warns users that they may be targeted by phishing or social engineering attacks.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web