Password manager and vault app LastPass has shared new updates regarding two cloud storage breaches that occurred in Aug. 2022.
The company’s latest announcement details what type of customer information was stolen during the security incidents, which lasted for over two months.
- The cyberattacks involved multiple threat actors who accessed LastPass’s internal systems for four days.
- The hackers then accessed the company’s cloud storage and continued to steal data from the company’s AWS cloud storage servers for over two months.
- It was difficult for LastPass to stop the attack because the threat actors used valid credentials to access and exploit the company’s internal systems.
- LastPass revealed a complete list of the types of customer data that were stolen, and it includes the following:
- On-demand, cloud-based development and source code repositories
- Internal scripts from the repositories
- Restricted DevOps information
- Cloud-based backup storage
- Backup of LastPass MFA/Federation database
- The company published a PDF titled Security Incident Update and Recommended Actions, which contains a comprehensive explanation of what happened and the actions the company has taken to rectify the situation.
