

In chronological order, here is how some of the events unfolded.

On August 25th, LastPass sent the following message to its customers:

“We are writing to inform you that we recently detected some unusual activity within portions of the LastPass development environment. We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. We have no evidence that this incident involved any access to customer data or encrypted password vaults.”

At that point, they reinforced the message and clearly stated that there was no indication that any customer or vault data was compromised.

On December 22nd, LastPass published an update and communicated to customers that:

“an unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of our production data.”

They go on to give some technical details about what was accessed and how it came about. According to LastPass, some of the data that was compromised in August (LastPass source code and technical information) was then leveraged to execute the incident in December.

The main takeaway here is that it remains unknown when the actual breach occurred. While LastPass communicated on December 22nd, they have not stated the exact timeframe in which the data was stolen, which brings us to our next topic…

LastPass dives into some very technical details about what was stolen. The stolen data falls into two main categories:

Encrypted Data: This data, once stolen, will be unintelligible to a third party unless they are able to decrypt it (more on that below). On the surface level, the threat actor will not be able to do anything with this data as is.

Unencrypted Data: Some client metadata was stolen in an unencrypted format, meaning that they stole the data in a usable, readable format (i.e.
