Support Center
Contact Us

LastPass Reveals Details of Attack

LastPass recently revealed more details of the second malware attack targeting its infrastructure.It also disclosed the company’s actions to prevent similar attacks in the future. By learning more about the attack, business owners can strengthen their own security weaknesses.

There Were Two Incidents
The threat actor ended the original attack on Aug. 12, 2022. A second attack occurred from Aug. 12, 2022, to Oct. 26, 2022. The two incidents were not seen as related until LastPass began investigating the second attack. Simply put, the threat actor needed information from the second attack to use the data gathered in the first attack.

More Specifics
Some LastPass credentials that the threat actor stole in the first attack were encrypted. They did not have access to the decryption keys, which were only available in a handful of places.

To access those keys, the second attack targeted a DevOps engineer with access to the decryption keys. The threat actor targeted the engineer’s home computer using a vulnerable third-party media package and a keylogger. This provided access to the engineer’s corporate vault at LastPass.

With that access, the threat actor exported the vault entries and shared folder content, including encrypted content and decryption keys.

What Steps LastPass Has Taken
LastPass has taken several notable steps to prevent similar incidents in the future, including:

  • Improving the DevOps engineer’s home security
  • Investigating resources with forensic imaging
  • Rotating credentials the threat actor likely had access to
  • Revoking and then re-issuing certificates the threat actor likely obtained
  • Adding logging and alerting in cloud storage
  • Updating IAM users and keys, including deleting unnecessary users

Conclusion
Malware like that used in the LastPass attacks is a growing threat to consumers and businesses. Business owners need to be aware of the dangers posed by this malware, especially combined with the appeal of credit card information. With strong security measures, businesses can protect critical operational data and customer information. Some best practices include monitoring to check for unexpected purchases and canceling affected cards. Businesses should also set up other safeguards. Overall, businesses need to be proactive and informed. This can prevent malware infections and minimize their effects.

Used with permission from Article Aggregator

Paul Marchese - President
Paul Marchese
President of Marchese Computer Products | IT Consultant | Best Selling Cybersecurity and Compliance Author

Paul Marchese is a veteran IT leader and founder of MCP, the longest-standing technology firm in Western and Central New York. With over four decades of experience, he has built a company dedicated to simplifying technology for small and medium-sized businesses. 

Since founding MCP in 1981, Paul has led the organization in delivering strategic IT, cybersecurity, and risk management solutions that enable clients to focus on growth rather than IT challenges.

His expertise spans IT strategy, cybersecurity, and business operations, with a focus on industries such as construction, legal, manufacturing, agriculture, and engineering. Under his leadership, MCP provides services that strengthen compliance, streamline processes, and secure organizations against evolving threats.

Paul has written several Amazon bestselling books, including Business Owner’s Guide to Cyber Security (2020), From Exposed to Secure (2024), and The Cyber Playbook (2025).

Get in touch with our experts and get a free consultation
Get in Touch
Recent Posts:
Get a Free Consultation

Contact our experts today

Get in Touch
Recent Posts:
All Resources ⬈
Grow Your Business Without Limits

Focus on scaling your business confidently while we handle the complexities of your IT needs.

Book a Meeting