Incident Details
In 2022, LastPass suffered two linked security incidents that ended with the theft of backups of customer password vaults.
Incident
How Did the Breach Happen?
The initial breach occurred through the compromise of a developer's corporate laptop, which gave the attacker access to non-production development environments and source code repositories. Several months later, a DevOps engineer's home computer was compromised through a vulnerable third-party media software package. Keylogger malware was implanted on the machine and captured the engineer's master password as it was typed, which defeated MFA because the password was taken after the second factor had already been completed. With that password the attacker opened the engineer's LastPass corporate vault.
What Data has been Compromised?
Source code repositories, cleartext credentials embedded in that code, stored digital certificates, encrypted credentials for production capabilities, and data from cloud storage resources. The DevOps engineer's corporate vault held the access and decryption keys for the cloud storage backups, so the attacker was able to copy backups of customer vault data. Those backups are in LastPass's binary vault format: sensitive fields (site usernames and passwords, secure notes, form-fill data) are encrypted with a key derived from each user's master password, while some fields, such as website URLs, are stored unencrypted. Master passwords themselves were not stored and were not taken.
Why Did the Company's Security Measures Fail?
The company had cleartext credentials embedded in its source code, had no adequate Cloud Security Posture Management (CSPM) in place before the breach, and granted developers and engineers more access to the underlying cloud platform than their roles required; in particular, the keys needed to read and decrypt the production backups were reachable from a single engineer's vault on a personal, unmanaged computer. Endpoint Detection and Response (EDR) did not fire during the initial breach, and later activity was not flagged because it was performed with valid, stolen credentials and looked legitimate at the time.
What Immediate Impact Did the Breach Have on the Company?
The breach compromised the security and privacy of LastPass users: because the attacker holds the encrypted vault backups, they can attempt offline brute-force attacks on master passwords indefinitely, and users with weak master passwords or low key-derivation iteration counts are the most exposed. It also damaged trust in the company and led to a class action lawsuit.
How could this have been prevented?
Stronger endpoint security, including keeping corporate access off unmanaged personal devices and patching third-party software on any device that can reach corporate systems; no cleartext credentials in source code, with scanning to enforce it; a CSPM from the start; restricting access to backups and their decryption keys to the few roles that genuinely need it; and better endpoint detection and response, backed by cloud-side monitoring for unusual access to backup storage, could have helped prevent the breach.
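The "no cleartext credentials in source code" point is enforceable with a blocking check in version control. The following scanner is an added example written for this page, not LastPass code or a reproduction of any tool LastPass used. It recognises the documented AWS access key ID format, PEM private key headers, and quoted literals assigned to names that contain password, secret, api_key or token; the pattern list, the placeholder rules and the sample source file it scans are all constructed for the demonstration, and the key ID in the sample is the example value from AWS's own documentation, not a live credential.

```python
"""Pre-commit style scanner for credentials embedded in source (added example)."""
import re
import sys
from dataclasses import dataclass

# The AWS access key ID format (AKIA/ASIA plus 16 upper-case alphanumerics) is
# documented by AWS; the other two patterns are heuristics and will produce
# some false positives, which is the right trade-off for a blocking hook.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    # a name containing password/secret/api_key/token assigned a quoted literal
    "generic_secret_assignment": re.compile(
        r'(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*["\']([^"\']{8,})["\']'
    ),
}
# Values that are template references or well-known dummies, not secrets.
PLACEHOLDERS = {"changeme", "password", "xxxxxxxx", "placeholder", "redacted"}


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str
    masked: str  # redacted, so the report itself does not leak the secret


def looks_like_placeholder(value: str) -> bool:
    v = value.strip()
    return v.startswith(("${", "{{", "<", "%(")) or v.lower() in PLACEHOLDERS


def mask(secret: str) -> str:
    """Keep a 4-character prefix so the developer can locate the value."""
    return secret[:4] + "*" * max(len(secret) - 4, 0)


def scan_text(path: str, text: str) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if "secret-scan: ignore" in line:  # explicit, reviewable opt-out
            continue
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.lastindex else m.group(0)
            if kind == "generic_secret_assignment" and looks_like_placeholder(value):
                continue
            findings.append(Finding(path, line_no, kind, mask(value)))
    return findings


def scan_files(paths) -> list[Finding]:
    findings = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings.extend(scan_text(path, fh.read()))
    return findings


# Constructed sample file for the demo. The key ID is the example value from
# AWS's own documentation, not a live credential.
SAMPLE_SOURCE = '''\
import os

AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = os.environ["AWS_SECRET_ACCESS_KEY"]
db_password = "${DB_PASSWORD}"
api_key = "sk-9f8e7d6c5b4a3f2e1d0c"
token = "changeme"
TLS_KEY = """-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAconstructed
-----END RSA PRIVATE KEY-----"""
'''


def main(argv: list[str]) -> int:
    """Non-zero exit when anything is found, so a pre-commit hook blocks the commit."""
    findings = scan_files(argv) if argv else scan_text("<sample>", SAMPLE_SOURCE)
    for f in findings:
        print(f"{f.path}:{f.line_no}: {f.kind}: {f.masked}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with no arguments to scan the embedded sample, or pass file paths (as a pre-commit hook would with the staged files). Values read from the environment or from a template reference pass, a literal key or PEM block fails the commit, and the report masks what it found so that the hook's own output does not become a second copy of the secret.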
What have we learned from this data breach?
The necessity of strong endpoint security on every device that can reach corporate systems, the importance of removing plaintext credentials from source code, the value of keeping access privileges (especially to backups and their decryption keys) to a minimum, and the need for active monitoring of cloud environments that can recognise misuse of valid credentials, not only their theft.
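The monitoring lesson above is that valid credentials were used to read backups in a way that was anomalous in hindsight. The following detector is an added example written for this page, not LastPass's monitoring or any real provider's product. It builds a per-principal baseline from a constructed set of simplified storage audit records (the field names are invented for the example, not a real cloud provider's log schema) and then raises two alerts: a backup read from a source IP the principal has never used, and a burst of backup reads far above that principal's busiest baseline day. The IP addresses, bucket name, principals and timestamps are all constructed.

```python
"""Flag anomalous reads of cloud backup storage from audit-log records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Buckets that hold production backups; reads here should be rare and routine.
BACKUP_BUCKETS = {"vault-backups"}
WINDOW = timedelta(hours=1)
BULK_FACTOR = 5  # hourly reads above 5x the principal's busiest baseline day
MIN_BULK = 10    # and never fewer than this many, to avoid noise on tiny baselines


@dataclass(frozen=True)
class Alert:
    rule: str
    principal: str
    source_ip: str
    time: str


def event(time, principal, source_ip, action, bucket, key):
    """Simplified, constructed record; field names are not a real provider's schema."""
    return {"time": time, "principal": principal, "source_ip": source_ip,
            "action": action, "bucket": bucket, "key": key}


def build_baseline(events):
    """Per principal: source IPs seen, and the max backup reads on any one day."""
    ips = defaultdict(set)
    daily_reads = defaultdict(lambda: defaultdict(int))
    for e in events:
        ips[e["principal"]].add(e["source_ip"])
        if e["action"] == "GetObject" and e["bucket"] in BACKUP_BUCKETS:
            daily_reads[e["principal"]][e["time"][:10]] += 1
    return {
        "ips": dict(ips),
        "max_daily_reads": {p: max(d.values()) for p, d in daily_reads.items()},
    }


def detect(baseline, events):
    alerts = []
    seen_ip_alert = set()
    recent_reads = defaultdict(list)  # principal -> read timestamps inside the window
    for e in sorted(events, key=lambda e: e["time"]):
        if e["action"] != "GetObject" or e["bucket"] not in BACKUP_BUCKETS:
            continue
        p, ip, t = e["principal"], e["source_ip"], datetime.fromisoformat(e["time"])
        # Rule 1: backup read from an IP this principal has never used before.
        if ip not in baseline["ips"].get(p, set()) and (p, ip) not in seen_ip_alert:
            seen_ip_alert.add((p, ip))
            alerts.append(Alert("new_source_ip", p, ip, e["time"]))
        # Rule 2: volume of backup reads in the last hour far above baseline.
        recent_reads[p] = [x for x in recent_reads[p] if t - x <= WINDOW] + [t]
        threshold = max(MIN_BULK, BULK_FACTOR * baseline["max_daily_reads"].get(p, 0))
        if len(recent_reads[p]) == threshold:  # fire once, when the line is crossed
            alerts.append(Alert("bulk_read", p, ip, e["time"]))
    return alerts


# Constructed data: seven quiet days, then one night of bulk reads from a new IP.
def constructed_baseline():
    events = []
    for day in range(1, 8):
        for i in range(2):  # an engineer reads a couple of backups each morning
            events.append(event(f"2024-01-0{day}T09:{i:02d}:00+00:00", "devops-eng",
                                "203.0.113.10", "GetObject", "vault-backups", f"vault-{day}.bak"))
        for i in range(20):  # the backup job writes, never reads
            events.append(event(f"2024-01-0{day}T01:{i:02d}:00+00:00", "backup-svc",
                                "10.0.0.5", "PutObject", "vault-backups", f"vault-{day}-{i}.bak"))
    return events


def constructed_new_events():
    events = [event(f"2024-01-08T02:{i:02d}:00+00:00", "devops-eng", "198.51.100.77",
                    "GetObject", "vault-backups", f"vault-{i}.bak") for i in range(30)]
    events += [event(f"2024-01-08T01:{i:02d}:00+00:00", "backup-svc", "10.0.0.5",
                     "PutObject", "vault-backups", f"vault-8-{i}.bak") for i in range(5)]
    return events


def run_demo():
    return detect(build_baseline(constructed_baseline()), constructed_new_events())


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a.time} {a.rule}: {a.principal} from {a.source_ip}")
```

Neither rule needs the credential to be known-stolen: both fire on a legitimate principal doing something that principal never does, which is exactly the shape of the second LastPass incident. The bulk threshold is relative to each principal's own history so that a backup service with a high normal volume is not held to the same line as an engineer who reads two files a day.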
Summary of Coverage
LastPass experienced a series of breaches in 2022 in which attackers first gained access to non-production environments and source code, then used a compromised engineer's home computer and corporate vault to reach the keys for cloud storage and copy backups of customer password vaults. The weaknesses exploited included poor endpoint protection, cleartext credentials in source, and excess privileges, and the incident underlined how much cloud security depends on endpoint protection and least privilege for the people who hold the keys.