One Article Review
| Source |  Schneier on Security |
|---|---|
| Identifiant | 8294959 |
| Date de publication | 2022-12-26 12:06:18 (vue: 2022-12-26 13:07:13) |
| Titre | LastPass Breach |
| Texte | Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […] To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service... |
| Envoyé | Oui |
| Condensat | 2022 access accessed accessing account actor addresses another august backup based basic billing breach cloud code company compromised contained container copied credentials customer customers data date decrypt decryption determined development dual during email employee end environment from full have incident including information information—or key keys last lastpass metadata names numbers obtained obtaining once out passwords—were related reported saying security service some source stolen storage story target technical telephone threat turns used user volumes which within worse: |
| Tags | Threat |
| Stories | LastPass |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ressemble à 1 autre(s) article(s):
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-28 17:00:00 | (Déjà vu) LastPass Data Stolen in August 2022 Breach Used For December Attack (lien direct) | Threat actors obtained credentials and keys later used to access and decrypt some storage volumes | Threat | LastPass | ★★ |