
Specifically, the threat actor was able to access a shared cloud storage environment using credentials stolen from a senior DevOps engineer. LastPass’ parent company, GoTo, also disclosed unauthorized access to the third-party cloud storage service last month.Īccording to the company, the threat actor engaged in a series of “reconnaissance, enumeration, and exfiltration activities” between August and October 2022.

However, the exact date of the backup was not revealed. In the same month, it was disclosed that an unknown attacker had accessed a backup of customer vault data encrypted with 256-bit AES. LastPass revealed in December 2022 that the threat actor used the stolen information to access a cloud-based storage environment and obtain certain elements of their customers’ data. The first incident ended on August 12, 2022. It targeted the company’s infrastructure, resources, and an employee from August 12, 2022, to October 26, 2022. The password management service states that the threat actor used stolen information from the first incident, information obtained from a third-party data breach, and a vulnerability in a third-party media package to launch a coordinated second attack.

As a result of another attack on LastPass’s systems, the company disclosed a severe data breach in December 2022 that allowed threat actors to access encrypted password vaults.ĭevOps engineers’ home computers were breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated sensitive data from Amazon AWS’s cloud storage servers.
