LastPass, a popular password manager announced that an unauthorized party had accessed its archived backups of production data stored on a third-party cloud storage service. According to company investigations, a threat actor accessed cloud storage environment in August 2022 using information obtained from an earlier incident.
While the threat actor didn't have access to customer data during the August incident however, some source code as well as technical information were stolen. This was used to target another employee. This enabled the threat actor access to keys and credentials to decrypt and access storage volumes within the cloud storage.
LastPass claims that the cloud storage service used by the threat actor was physically isolated from the production environment. The actor stole customer account information including email addresses and company names as well as billing addresses, telephone numbers, IP addresses, and end-user names.
The threat actor took a backup of the production data. This included unencrypted information such as URLs. The threat actor also copied encrypted sensitive information such as usernames and passwords. Secure notes and form-filled were also included. The encrypted fields are protected with 256-bit AES encryption. Only a single encryption key can decrypt the data. LastPass' Zero Knowledge architecture generates the encryption key from the user's master pass.
Threat actors may try to guess customer master passwords by brute force in order to decrypt vault data copies they have obtained. LastPass assured customers that they would not be able to crack the vault data because of the encryption used. LastPass warns customers to be vigilant against credential stuffing and other phishing attacks on accounts that are associated with LastPass vaults.
The company took several steps to resolve the problem and ensure security for customers. The company has taken several steps to address the issue, including revoking keys that were accessed by the threat actor, strengthening its internal controls, and adding additional security measures. The company is also working with cybersecurity experts and law enforcement to further investigate the matter.
LastPass recommends that customers use best practices for creating strong passwords. LastPass customers must be vigilant and take the necessary precautions to protect their personal information.
Risks of Public Wifi
While public Wi-Fi can be a convenient way to stay connected while traveling, it is important to be aware of its potential security risks. If a hacker intercepts your data while using public Wi-Fi, it can result in identity theft, compromised credentials, malware exposure, or even compromise your business account.
There are a few steps you can take to safeguard your data while traveling this holiday season.
Strong Password
By using robust credentials, users can rest assured that their private information will be safe. Passwords should include letters, symbols, and numbers to prevent hackers from guessing them and compromising their accounts. A password manager is an excellent tool for generating strong passwords and storing them in a secure location.
Secure Connection
The best way to ensure that information is protected online is to use HTTPS when available. HTTPS is a secure protocol that encrypts all data sent between a website and its visitors so that no one can intercept and steal the information. However, not all websites offer HTTPS. Users can utilize a VPN to protect their data further. A VPN will encrypt users' data as they navigate the internet, protecting their valuable information.
Exercise Caution
Finally, always exercise caution when downloading files or conducting other online transactions. For example, never download anything from an unknown website or email. It may be a phishing attempt to steal personal or financial information.
When traveling for business or pleasure, it's important to know that there are a number of security risks associated with public Wi-Fi. However, by following a few simple guidelines, you can protect your data and stay safe while browsing the internet.
Integrated Technology Systems works with your company to ensure that both internal and external computers connected to your network are secure. Call us today to discuss your security needs.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com
