Major Online Password Service Compromised

Aug 27, 2022

Black hat

LastPass has been compromised. It’s good that they’re disclosing it in relatively short order. You might say it was the keys to the kingdom that were stolen. Someone pilfered ‘portions’ of their source code and some proprietary technical information. It has not been revealed what ‘some’ or ‘portions’ actually means.

The source code and the proprietary technical information give a potential hacker the ability to better understand how LastPass works and a better idea of how to exploit the service.

Could this be worse than a password database exfiltration? It all depends on what was in that source code and the technical information.

With a lot of our data being in the cloud, we should be vigilant about which companies have our data, how they store it, …

There is a lot of news over the past several years about unsecured AWS S3 data buckets having unencrypted credentials stored in them, ransomware running roughshod over organizations, … It is surprising to hear of proprietary technical information and source code for a security-focused business being stored on publicly accessible servers.
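The "unsecured S3 bucket" problem mentioned above is usually a bucket policy that grants access to the anonymous principal, combined with the Public Access Block safeguard being left off. The following is an added example, not code from the original post or from LastPass: it evaluates a bucket policy document and a Public Access Block configuration offline (both supplied as plain dicts, the same shape boto3's `get_bucket_policy` and `get_public_access_block` return, but no AWS calls are made) and reports statements that expose data to anyone. The bucket name, account id and policies below are constructed for illustration.

```python
"""Offline check for S3 bucket policies that grant anonymous (public) access.

Added example; the policies and Public Access Block settings below are
constructed samples, not taken from any real account.
"""
import json

# Actions that let an anonymous caller read or list bucket contents.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}


def _as_list(value):
    """Policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True when the statement's Principal is the wildcard (anyone on the internet)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_statements(policy):
    """Return Sids (or indexes) of Allow statements with a wildcard Principal.

    A statement is 'public' when it allows a read/list action to '*' with no
    Condition block. Statements that carry a Condition (e.g. aws:SourceIp) may
    still be over-broad, so they are reported separately for human review.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    public, conditional = [], []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & READ_ACTIONS:
            continue
        label = stmt.get("Sid", f"statement[{idx}]")
        (conditional if stmt.get("Condition") else public).append(label)
    return {"public": public, "conditional": conditional}


def public_access_block_ok(config):
    """True when all four Public Access Block flags are enabled.

    With all four on, S3 ignores public ACLs and rejects public bucket policies,
    so a mistaken policy cannot expose data even if it is applied.
    """
    keys = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")
    return all(config.get(k) is True for k in keys)


def audit_bucket(name, policy, pab_config):
    """Combine both checks into one list of findings for a bucket."""
    findings = []
    stmts = public_statements(policy)
    for sid in stmts["public"]:
        findings.append(f"{name}: statement '{sid}' allows anonymous read")
    for sid in stmts["conditional"]:
        findings.append(f"{name}: statement '{sid}' is public but conditional; review it")
    if not public_access_block_ok(pab_config):
        findings.append(f"{name}: Public Access Block is not fully enabled")
    return findings


# Constructed sample: a policy that leaks every object to anonymous readers,
# on a bucket whose Public Access Block only half-covers the problem.
LEAKY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AdminOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/admin"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}
LEAKY_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

# Constructed sample: the same bucket with the public statement removed and
# Public Access Block fully enabled.
SAFE_POLICY = {"Version": "2012-10-17", "Statement": [LEAKY_POLICY["Statement"][1]]}
SAFE_PAB = {k: True for k in LEAKY_PAB}

if __name__ == "__main__":
    for line in audit_bucket("example-bucket", LEAKY_POLICY, LEAKY_PAB):
        print(line)
    print("safe bucket findings:", audit_bucket("example-bucket", SAFE_POLICY, SAFE_PAB))
```

Run against real buckets by feeding `audit_bucket` the parsed `Policy` string from `get_bucket_policy` and the `PublicAccessBlockConfiguration` dict from `get_public_access_block`; the policy check alone is not sufficient, because public ACLs on individual objects bypass it, which is why the Public Access Block flags are checked as well.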

Ultimately, in a security-focused organization, the source code and technical information should be on air-gapped networks. In a non-security-focused organization, the developer accounts should at a minimum be 2FA-secured, but it seems in this case it was only secured by a password. It’s not clear how the hackers gained access to the account (brute force or social engineering), either. In this case, the security-focused organization is not really setting a good example for the rest of us.

Organizations can learn a lot from this. The question is, will they?
