• Texaport provides best in-class, certified cyber security services to protect businesses from online threats.

          Incident Response Center

          If you are currently experiencing a cyber attack, contact our response desk immediately.

        • Texaport is a Managed Service Provider delivering a complete portfolio of IT solutions to support our clients’ operations across the UK and throughout the globe. 

    • Articles, News & Case Studies

      Thought leaders in the global IT sector
  • Contact

Cybersecurity Insights – Last Pass Breach

Last Pass Breach

On 25th August ‘22, LastPass CEO Karim Toubba, released a statement informing LastPass’ customers that they had detected some unusual activity within a portion of the LastPass development environment. This was traced back, and the point of origin was identified to be a single developer account, which proved to have been compromised, giving an attacker developer level access to the  development environment.


Development Environments are also referred to as “sandboxes” and are locations within an organisation where new patches and features are tested by developers prior to release, to discover bugs, errors, and potential security faults. In this instance, LastPass stressed that the Development Environment is physically separate to their other networks and hosts no customer data whatsoever.


During this statement, LastPass stipulated that Master Passwords for user accounts have not been compromised, as LastPass utilise a Zero Knowledge Architecture, they can never plainly view, nor obtain access to view user’s Master Passwords. Their initial investigation led them to believe that since the breach occurred within their Development Environment, no live, private, user data had been compromised.


LastPass issued an update into the issue on 15th September ’22, wrapping up the incident as being dealt with, and remediation steps had been taken to bolster their internal security. LastPass contacted Mandiant, a Cybersecurity Firm in the USA, for external aid in their investigation.


Mandiant was able to uncover the activity period, which was limited to a total for 4 days. During this time, the threat actor was able to prompt the end user for their MFA, which the end user simply accepted, granting the threat actor further impersonated access. This access was restricted to solely the Design Environment due to the nature of the ZK architecture LastPass use.


On 30th November ’22, LastPass released another statement, informing customers of a separate security incident, pertaining to a third-party cloud storage service which had experienced a breach. Again, LastPass sought the aid of Mandiant to isolate and trace the security incident.


Once more on 22nd December ’22, LastPass became more transparent about what the incident included, what data may have been affected, and future steps. LastPass at this stage admitted that the threat actor from the breach in August ’22, may have obtained technical information and source code, which resulted in targeting another employee for their credentials and encryption keys, which in-turn, allowed the threat actor to decrypt “some” storage volumes held on LastPass’ third-party cloud provider.


As LastPass have been trying to play off the security incidents in a somewhat blasé manner, it appears that LastPass have still not been as open and honest about the severity of the breach, and how both the breaches are linked together. A plethora of Cybersecurity researchers agree that the breach is more severe than initially disclosed, based on the obscurity from LastPass in their Security Incident Notices, and the likelihood of encrypted data volumes being extracted and decrypted.


Lily Newman of WIRED wrote that LastPass store user’s saved passwords as encrypted within a password vault, but the accompanying data, such as URLs, is stored in plaintext. This simply highlights high-value password targets within a password vault for a threat actor to hit and begin cracking the encryption. If the threat actor exfiltrated any password vaults, the threat actor would have obtained “a snapshot in time” of the user’s LastPass vault.


Giving them time, and potentially the availability of resources, to crack user’s Master Passwords and gain access to the user’s vaults. This is no small breach, as it can potentially result in the exposure of a user’s password vault contents. LastPass have been quite relaxed about their recent security incidents but have preached about Transparency.


The general security advice is to move away from LastPass completely. There are other password managers available which have proved to be more secure, such 1Password or Keeper. LastPass and other Cybersecurity researchers have advised users to change all their passwords, which would have been within their LastPass Vault, to something completely different.


Simply rotating passwords is not recommended in this scenario, as the threat actor potentially has a full record of your passwords, they will be aware of techniques like password rotation and attempt to brute force your account login with the other cracked passwords. Downloading an Authenticator App and enabling Multifactor Authentication across your accounts/devices is another quick step end users can take to try to bolster their own endpoint security.


At Texaport, we understand the importance of these advancements, and we work with our clients to put a reliable system in place to improve their business efficiency. Our team has a wide range of IT knowledge and remains acquainted with the movements in the IT industry. Find out more here.


IT Support, Case Study

Read our Reviews

More articles

IT Support

Your IT Support issues are resolved immediately at the first point of contact so you can get on with what's important


We hold Cyber Essentials Certification and Microsoft Silver Competency, reinforcing our commitment to quality


Secure your business from within. Enabling you to create a security-focused culture with automated training within your business


Keep your team connected with Texaport's suite of business grade connectivity and information communication solutions

Managed Services

Outsource your Managed IT Services, improve your operations and cut your expenses


Providing the lifelines to your communications with structured cabling design and instalation

Cloud Services

Take your business higher with Texaport's Cloud Consulting, Cloud Migration and Cloud Management

IT Consultancy

Tap Into our strategic experience with our project management and IT Consulting services

Would you like to leave us a Google review?

Would you like to leave us a Google review?

Would you like to leave us a Google review?

Contact us for more information