[AccessD] Last Pass

Paul Wolstenholme Paul.W at industrialcontrol.co.nz
Thu Mar 2 15:08:49 CST 2023


...and if you wade further (perhaps because LastPass implored every account
holder to do so) you come to a bunch of reassurance and...

https://support.lastpass.com/help/security-bulletin-recommended-actions-for-free-premium-and-families-customers
Security Bulletin: Recommended Actions for Free, Premium, and Families
Customers
...

Do you need to act? Ask yourself these questions to decide:

   - Is your master password strong and unique?

   *yes / no / unsure*
   - Is your master password hash Iteration value set to at least 600,000?

   *yes / no / unsure*
   - Are the passwords in your vault all strong and unique?

   *yes / no / unsure*
   - Are you using multifactor authentication on LastPass and other
   important accounts?

   *yes / no / unsure*

Did you answer no or unsure to any of these questions? If so, keep reading
and please take the recommended actions until all answers are a yes.

Paul Wolstenholme


On Fri, 3 Mar 2023 at 07:25, Rocky Smolin <rockysmolin2 at gmail.com> wrote:

> Follow up on the lastpass  breach:
>
> LastPass: DevOps engineer hacked to steal password vault data in 2022
> breach (bleepingcomputer.com)
> <https://www.bleepingcomputer.com/news/security/lastpass-devops-engineer-hacked-to-steal-password-vault-data-in-2022-breach/>
>
> Executive summary:
>
> The company has now disclosed how the threat actors performed this attack,
> stating that they used information stolen in an August breach
> <https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/>,
> information from another data breach, and a remote code execution
> vulnerability to install a keylogger on a senior DevOps engineer's
> computer.
>
> LastPass says this second coordinated attack used the stolen data from the
> first breach to gain access to the company's encrypted Amazon S3 buckets.
>
> As only four LastPass DevOps engineers had access to these decryption keys,
> the threat actor targeted one of the engineers. Ultimately, the hackers
> successfully installed a keylogger on the employee's device by exploiting a
> remote code execution vulnerability in a third-party media software
> package.
>
> "The threat actor was able to capture the employee's master password as it
> was entered, after the employee authenticated with MFA, and gain access to
> the DevOps engineer's LastPass corporate vault," reads a new security
> advisory
> <https://support.lastpass.com/help/incident-2-additional-details-of-the-attack>
> published today.
>
> "The threat actor then exported the native corporate vault entries and
> content of shared folders, which contained encrypted secure notes with
> access and decryption keys needed to access the AWS S3 LastPass production
> backups, other cloud-based storage resources, and some related critical
> database backups."
>
>
> r
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> https://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>
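Added worked example, not part of the thread and not LastPass's own code: the bulletin's first two questions (a strong, unique master password; a hash iteration value of at least 600,000) are both about what an attacker can do offline with a stolen encrypted vault. The script below models that attacker. It assumes the vault key is PBKDF2-HMAC-SHA256 over the master password salted with the lower-cased account e-mail (the scheme the "Iteration value" tunes), assumes 5,000 as a low legacy count purely for comparison, and uses a constructed e-mail address and a five-word cracker list. The key-comparison step stands in for "decrypt the vault and see if it parses", which is what a real cracker would do.

```python
import hashlib
import hmac
import time
from typing import Iterable, Optional, Tuple

# Assumptions for this example (not taken from the thread): the vault key is
# PBKDF2-HMAC-SHA256 over the master password, salted with the lower-cased
# account e-mail, which is the scheme the bulletin's "Iteration value" tunes.
RECOMMENDED_ITERATIONS = 600_000   # the floor the bulletin asks customers to check
LEGACY_ITERATIONS = 5_000          # assumed low legacy setting, for comparison only

# Constructed sample data: a throwaway e-mail and a tiny cracker wordlist.
SAMPLE_EMAIL = "user@example.com"
WEAK_WORDLIST = ["123456", "password", "qwerty", "password123", "letmein"]


def derive_vault_key(master_password: str, email: str, iterations: int) -> bytes:
    """Derive a 256-bit vault key; every iteration is one more HMAC-SHA256 per guess."""
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        email.strip().lower().encode("utf-8"),
        iterations,
        dklen=32,
    )


def cost_multiplier(old_iterations: int, new_iterations: int) -> float:
    """Extra work per guess an offline attacker pays after the count is raised."""
    return new_iterations / old_iterations


def offline_guess(target_key: bytes, email: str, iterations: int,
                  wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Model an attacker holding a stolen encrypted vault: derive a key for each
    candidate and compare it with the real one. Returns (hit or None, guesses made)."""
    tried = 0
    for candidate in wordlist:
        tried += 1
        if hmac.compare_digest(derive_vault_key(candidate, email, iterations), target_key):
            return candidate, tried
    return None, tried


def seconds_per_guess(iterations: int, email: str = SAMPLE_EMAIL) -> float:
    """Wall-clock cost of one guess on this machine at the given iteration count."""
    start = time.perf_counter()
    derive_vault_key("timing-probe", email, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    # 1. Raising the count multiplies the attacker's per-guess cost linearly.
    print(f"cost multiplier {LEGACY_ITERATIONS} -> {RECOMMENDED_ITERATIONS}: "
          f"{cost_multiplier(LEGACY_ITERATIONS, RECOMMENDED_ITERATIONS):.0f}x")
    for n in (LEGACY_ITERATIONS, RECOMMENDED_ITERATIONS):
        print(f"{n:>8} iterations: {seconds_per_guess(n) * 1000:.1f} ms per guess")

    # 2. A weak master password still falls in a handful of guesses at 600,000.
    weak_key = derive_vault_key("password123", SAMPLE_EMAIL, RECOMMENDED_ITERATIONS)
    print("weak password:",
          offline_guess(weak_key, SAMPLE_EMAIL, RECOMMENDED_ITERATIONS, WEAK_WORDLIST))

    # 3. A strong, unique passphrase is simply not in any wordlist, whatever the count.
    strong_key = derive_vault_key("correct horse battery staple 7!", SAMPLE_EMAIL,
                                  RECOMMENDED_ITERATIONS)
    print("strong passphrase:",
          offline_guess(strong_key, SAMPLE_EMAIL, RECOMMENDED_ITERATIONS, WEAK_WORDLIST))
```

The two knobs work on different axes: the iteration count only scales the cost of each guess (here 120x from 5,000 to 600,000), while the master password decides how many guesses are needed. A vault whose master password sits in a common wordlist is recovered in a few seconds even at 600,000 iterations, which is why the bulletin asks both questions rather than one.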

