Visit the December 2022 post for more information. Information gained in the first incident allowed the threat actor to identify targets for a second incident, in which a vulnerability in 3rd-party software allowed them access to cloud backups of encrypted and unencrypted customer data.No customer data was accessed at that time. The first incident began with the compromise of an employee’s laptop, which allowed the threat actor to gain access to a LastPass development environment and internal system secrets.During the course of their investigation, they have taken steps to upgrade security and improve security operations.They have not seen any evidence of threat actor activity since October 26, 2022.LastPass has released additional information about the series of incidents that they first reported in December. LastPass: Security Incident Update and Recommended Actions Please visit the security bulletin links for more information and things to do, including templates for communication. Communicate with end users about the risks associated with these incidents.Generate URL reports to access risks for credential stuffing, phishing, and social engineering attacks.View What Data Was Accessed on the LastPass blog to find specific information about what encrypted and encrypted data was exposed. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |