LastPass security incident

Overview

Password manager company LastPass has published a statement on a recent security incident. The company detected unusual activity in a third-party cloud storage service, shared by both LastPass and its affiliate, GoTo.

In August a compromised developer account was used to access source code and some proprietary LastPass technical information. The attackers had internal access for four days before being expelled from the network.

The company stresses that password information cannot be accessed due to their zero-knowledge architecture.

Impact

An unauthorised party was able to gain access to certain elements of customer information but passwords are unaffected.

Affected Organisations

  • LastPass
  • GoTo (formerly LogMeIn)

Threat Landscape

Password managers and other secret stores are high-value targets, as their compromise could allow a threat actor to pivot to other systems. In this case, the architectural design of LastPass means that even direct access to their customer data does not grant access to the secrets. The attack in August did involve code repositories and, if undetected, could have led to code tampering, but their incident response ruled out that possibility.

Threat Group

Unknown at this time.

MITRE Methodologies

T1078.004 – Valid Accounts: Cloud Accounts

Further Information

Notice of Recent Security Incident