• LastPass finally admits the crooks did steal your password vaults, afte

    From NewsKrawler@21:1/5 to All on Mon Dec 26 19:20:59 2022
    https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/
    LastPass finally admits - those crooks who got in? They did steal your password vaults, after all

    Two-factor authentication (2FA) didn't help in this particular attack.

    Details of how the attackers first got in are still scarce, with LastPass's first official comment cautiously stating that:

    "An unauthorized party gained access to portions of the LastPass
    development environment through a single compromised developer account."

    A follow-up announcement about a month later was similarly inconclusive:

    "The threat actor gained access to the Development environment using a
    developer's compromised endpoint. While the method used for the initial
    endpoint compromise is inconclusive, the threat actor utilized their
    persistent access to impersonate the developer once the developer had
    successfully authenticated using multi-factor authentication."

    There's not an awful lot left in this paragraph if you drain out the jargon, but the key phrases seem to be "compromised endpoint" (in plain English, this probably means: malware-infected computer), and "persistent access" (meaning: the crooks could get back in later on at their leisure).

    In its previous breach notifications, the company had carefully spoken about customer data (which makes most of us think of information such as address, phone number, payment card details, and so on) and encrypted password vaults as two distinct categories.

    This time, however, "customers' information" turns out to include both customer data, in the sense above, and password databases.

    Not literally on the night before Christmas, but perilously close to it, LastPass admitted that:

    "The threat actor copied information from backup that contained basic
    customer account information and related metadata including company names,
    end-user names, billing addresses, email addresses, telephone numbers, and
    the IP addresses from which customers were accessing the LastPass service."

    Loosely speaking, the crooks now know who you are, where you live, which computers on the internet are yours, and how to contact you electronically.

    The admission continues:

    "The threat actor was also able to copy a backup of customer vault data."

    So, the crooks did steal those password vaults after all.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)