The cyber security company, LastPass reported a massive breach in August 2022, which resulted in the theft of the cloud-based backup of all customer vault data, including encrypted passwords, usernames, and form-filled data.
The high-profile hack was followed by months of internal investigation by the tech company, where more details came to light, and subsequent investment and reinforced infrastructure has taken place.
The company has admitted to “increased in customer churn” since the incident but has a positive outlook that it will regain customer trust and return to the same customer levels as before the intrusion.
“We invested across platforms, infrastructure and systems — we believe all of which will mean a more modern and secure customer. This has been a multiyear and multimillion-dollar investment. We’re still looking for ways to continue to invest and we’re not done.” – Karim Toubba, CEO of LastPass
What Did the LastPass Breach Entail?
The threat actor evaded detection for months by blending in with legitimate activity after targeting one of four engineers with access decryption keys who manually entered their master password on a malware-laced personal device at home.
The unauthorized party was able to gain access to unencrypted customer account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
That same hacker was also able to steal customer vault data, which includes unencrypted data like website URLs, as well as encrypted data like the usernames and passwords for all the sites that LastPass users have stored in their vaults.
The intrusion stopped short of gaining access to master passwords, narrowly avoiding a catastrophe.
Can Customers Trust LastPass Again?
In their latest statement published last week, LastPass gave an update listing the technical improvements to its cybersecurity, which have already been completed or are underway.
The makeover, consisted of the following main action points:
- A cloud security posture management (CSPM) layer that was added to all cloud infrastructure.
- A new endpoint detection and response (EDR) system it deemed more effective.
- A secure access service edge (SASE) deployment and improved logs and alerts in its security orchestration, automation and response (SOAR) platform.
- A move to a new source code management system.
- A new policy, still rolling out, that will eventually require all customers to use longer and more complicated master passwords.
- A hardening of key component rotations for Okta and Microsoft Azure AD.
- Improved recovery options for one-time passwords.
- An initial deployment of FIDO2 hardware security keys.
- A reset of security information and event management (SIEM) Splunk tokens and a new SIEM integration deployed in mid September that stores access tokens in encrypted form.
- Code-safety initiatives for SBOM and elevated compliance with supply chain levels for software artifacts.
While many LastPass customers may have already fled to other password managers, some might say that in light of these technical improvements, and by the laws of probability, LastPass has never been safer than right now.