In August 2022, LastPass, the password manager service, informed its users that hackers had compromised elements of its software source code and proprietary technical information. After investigating the breach, LastPass concluded that the attackers did not gain access to any customer data or password vaults.
Unfortunately, in November 2022, LastPass had to inform its customers that the August breach had in fact resulted in encrypted copies of some password vaults, along with other personal information, being compromised.
Cryptocurrency Heists
KrebsOnSecurity has reported that the security breach resulted in hackers successfully stealing password vaults containing both encrypted and plaintext data for over 25 million users. Additionally, KrebsOnSecurity revealed that since the breach there has been a steady series of cryptocurrency thefts, specifically targeting individuals within the tech industry who prioritize security. This has led experts to believe that the criminals have likely managed to crack open some of the stolen LastPass vaults.
In February of this year, LastPass disclosed that the intrusion was a highly sophisticated and targeted attack against a DevOps engineer. This engineer was one of only four LastPass employees who had access to the corporate vault. According to Entrepreneur Magazine, the hackers gained entry to the employee’s computer by installing a keylogger within the software, allowing them to obtain the employee’s password for the LastPass corporate vault.
“$35 Million Stolen”
From August to October 2022, the obtained information was used to gain access to basic customer account details and associated metadata. These details encompassed the names of companies and end-users, billing addresses, email addresses, and phone numbers, as well as the IP addresses used by customers to access the LastPass website. InfoSecurity reports that the perpetrator was also able to copy a backup of customer vault data from the encrypted storage container, which is saved in a proprietary binary format that contains both unencrypted data, such as URLs, and fully encrypted sensitive fields, such as online usernames and passwords, form-filled data, and secure notes. Last month, CoinTelegraph claimed that “at least $35 million” in cryptocurrency was “stolen from victims of the LastPass breach since 2022.”
Threat Posed by Keyloggers
“In light of the recent LastPass password manager breach and the subsequent cryptocurrency thefts, the perils of keyloggers have once again come to the forefront. I can’t stress enough the importance of proactive cybersecurity measures,” commented Brent Agar, Director of Business Development, SentryBay North America. “Keyloggers are insidious tools that can capture every keystroke, potentially leading to the compromise of sensitive information, including passwords and financial data. The LastPass incident is a stark reminder that even the most security-conscious individuals and organizations are not immune to such threats.”
“At SentryBay, we specialize in anti-keylogger technology designed to shield digital assets from such vulnerabilities,” said Tim Royston-Webb, CEO, SentryBay. “Our solutions provide real-time encryption of keystrokes, ensuring that sensitive data remains encrypted from the point of entry. This is just one layer in a multi-faceted approach to cybersecurity that we advocate for in an increasingly hostile digital landscape.”