

We recently notified you that an unauthorized party was able to gain access to a third-party cloud-based storage service which is used to store backups. In keeping with our commitment to transparency, we want to provide you with an update regarding our ongoing investigation.

Based on our investigation to date, we have learned that an unauthorized party accessed our cloud storage environment leveraging information obtained from an incident we previously disclosed in August of 2022. That information was used to target an employee to gain access to additional credentials that facilitated access to the cloud-based storage service. The cloud storage service accessed by the unauthorized party stores backups and is separate from our production environments. The information in these backups contained a combination of both encrypted and unencrypted data.

Because of our Zero Knowledge platform, your users’ encrypted vault data, which includes usernames, passwords, Secure Notes, and form-filled data, remains safely protected. However, at this point we have identified that the unauthorized party had access to storage containers that contained basic customer account information and related metadata including company names, end-user names, website URLs, billing addresses, email addresses, telephone numbers and IP addresses from which customers were accessing the LastPass service. At this time, there are no specific actions that you need to take in response to this potential access as your sensitive information remains encrypted within your vault. However, as always, we recommend staying vigilant and adhering to security best practices.

Our investigation has also revealed that the unauthorized party had access to a limited number of authentication keys contained within the backups. These keys are used by some of our business customers who have enabled specific API-based integrations with our platform, including SCIM, Enterprise, and SAML API applications. We have performed a detailed analysis of our business customer base and have concluded that your business makes use of one or more of these APIs. We are recommending that you take certain actions immediately based on your specific LastPass configuration and use of these API-based integrations with our platform. The details are provided at the bottom of this email.

In response to the August incident, we eradicated any further potential access to the LastPass development environment by decommissioning that environment in its entirety and rebuilding a new environment from scratch. We also replaced and further hardened developer machines, processes, and authentication mechanisms. We have added extensive logging and alerting capabilities to help detect any further unauthorized activity. We have also continued to execute on separating our environment from GoTo.

In response to this most recent incident, we are actively rotating all relevant credentials and certificates that may have been affected. We are also performing an exhaustive analysis of every account with signs of any suspicious activity within our cloud storage service, adding additional safeguards within this environment, and analyzing all data within this environment to ensure we understand what the unauthorized party accessed.

We are committed to keeping you informed of our findings, and to updating you on the actions we are taking and any actions that you may need to perform. In the meantime, our services are running normally, and we continue to operate in a state of heightened alert.

Finally, we will be hosting multiple webcasts for our customers where we will review information related to this incident. There will be a separate email inviting you to this webcast in the coming days.

We thank you for your continued support and trust in LastPass.
