Blog Resources

LastPass Security Incident: What You Should Know

by | Mar 3, 2023 | Cyber Security, Humans & IT, IT Prevention

LastPass, one of the leading password management services, disclosed two security incidents in 2022 that affected both LastPass and its customers. LastPass just delivered an announcement reviewing all of the details. They also offered recommendations on the actions should you take to protect yourself or your business.

In this blog post, we will review what happened in these security breaches, what actions LastPass took in response, and what people should do moving forward to protect themselves.

What Happened

LastPass disclosed two separate security incidents in 2022. Neither of these incidents was caused by any LastPass product defect or unauthorized access to or abuse of production systems. Instead, a threat actor exploited a vulnerability in third-party software, bypassed existing controls, and accessed non-production development and backup storage environments.

The first incident occurred when a software engineer’s corporate laptop was compromised. This allowed the unauthorized threat actor to gain access to a cloud-based development environment. From there they were able to steal source code, technical information, and certain LastPass internal system secrets. No customer data or vault data was taken during this incident. This is because there is no customer or vault data in the development environment. LastPass initially declared this incident closed but later learned that sensitive information stolen in the first incident was used to identify targets and initiate the second incident.

The second incident was more serious. The threat actor targeted a senior DevOps engineer by exploiting vulnerable third-party software. This was used to deliver malware, bypass existing controls, and ultimately gain unauthorized access to cloud backups. The data accessed from those backups included system configuration data, API secrets, third-party integration secrets, and encrypted and unencrypted LastPass customer data.

In response to these incidents, LastPass mobilized its internal security teams and resources from Mandiant. As part of the containment, eradication, and recovery process, LastPass took the following actions:

  • Removed the compromised development environment and rebuilt a new one to ensure full containment and eradication of the threat actor.
  • Deployed additional security technologies and controls to supplement existing controls.
  • Rotated all relevant cleartext secrets used by its teams and any exposed certificates.
  • Analyzed LastPass cloud-based storage resources and applied additional policies and controls.
  • Analyzed and changed existing privileged access controls.
  • Rotated relevant secrets and certificates that were accessed by the threat actor.

LastPass has completed its investigation into the data breach and said that it hasn’t detected any unauthorized activity since October.

What Data Was Accessed?

As detailed in the incident summaries, the threat actor stole both LastPass proprietary data and customer data, including the following:

In Incident 1:

  • On-demand, cloud-based development and source code repositories – this included 14 of 200 software repositories.
  • Internal scripts from the repositories – these contained LastPass secrets and certificates.
  • Internal documentation – technical information that described how the development environment operated.

In Incident 2:

  • DevOps Secrets – restricted secrets that were used to gain access to LastPass’s cloud-based backup storage.
  • Cloud-based backup storage – contained configuration data, API secrets, third-party integration secrets, customer metadata, and backups of all customer vault data. All sensitive customer vault data, other than URLs, file paths to installed LastPass Windows or macOS software, and certain use cases involving email addresses, were encrypted using LastPass’s Zero knowledge model and cannot be accessed by the threat actor.

What Actions Should You Take to Protect Yourself or Your Business?

LastPass has recommended that all customers change their master password, enable multi-factor authentication methods, and verify that their devices are secure. In addition, if customers shared their master password or used it on any other sites, they should change their password on those sites as well.

  1. Change Your Master Password: If you have not already done so, change your master password to a strong, unique password.
  2. Enable Multi-Factor Authentication: Enable multi-factor authentication (MFA) for your LastPass account to provide an additional layer of security.
  3. Review Your LastPass Vault: Review your LastPass vault for any suspicious activity or unauthorized access.
  4. Rotate Your Passwords: Rotate your passwords on a regular basis and use unique, complex passwords for each account.
  5. Stay Informed: Stay informed about the latest security threats and best practices for protecting your sensitive data.

For LastPass business customers, LastPass recommends that administrators reset all user passwords, enable multi-factor authentication, and review all user accounts and permissions. LastPass also recommends that businesses review their LastPass audit logs and monitor their networks for any signs of unauthorized access.

  1. Enforce Password Policies: Enforce strong password policies for all employees and require the use of multi-factor authentication.
  2. Monitor Employee Access: Monitor employee access to LastPass and revoke access for any employees who no longer need it.
  3. Review Activity Logs: Review activity logs for any suspicious activity or unauthorized access.
  4. Rotate Passwords: Rotate passwords on a regular basis and use unique, complex passwords for each account.
  5. Train Employees: Train employees on cybersecurity best practices and conduct simulated phishing exercises to raise awareness.

Multi-Factor or two-factor authentication is going to be a major theme when helping secure accounts. Using a mobile phone for multi-factor authentication through an authenticator app is a secure and convenient way to verify user identity. MFA can act as effective security measure by providing an extra layer of protection to prevent unauthorized access.

To learn more about multi-factor authentication and for a deeper overall look into cybersecurity, be sure to check out EVERNET’s Cybersecurity Essentials Guide E-book.

What Does The Recent Breach Mean for LastPass Subscribers?

The breach allowed unauthorized access to sensitive user account data and vault data. As a LastPass subscriber, you should be concerned about the safety and integrity of your data stored in the vaults. You may want to question LastPass’s capacity to keep your data safe, despite the latest security improvements mentioned in the company’s latest blog post.

At EVERNET, we understand that our customers’ security is of utmost importance. That’s why we immediately notified them of the security incidents when we were made aware by LastPass and advised them to take the proper actions to ensure their data security. We will continue to keep them informed throughout these processes. Taking care of our customers during times like this is our top priority.

If you’re a LastPass subscriber, an unauthorized party might have access to your personal information such as your LastPass username, email address, phone number, name, and billing address. Additionally, the IP addresses used while accessing LastPass were exposed during the breach, meaning that the attackers could see the locations from which you used your account. The unauthorized party could also view all of the websites for which you have login information saved with the password manager (even if the passwords themselves are encrypted) because LastPass doesn’t encrypt users’ stored website URLs.

This information provides potential attackers the ability to launch a phishing attack and socially engineer their way to account passwords. If you have any password reset links stored that may still be active, an attacker can easily create a new password for themselves.

According to LastPass, encrypted vault data like usernames and passwords, secure notes, and form-filled data that was stolen remains secured. This is important but your accounts are still at risk. This is because if the attacker were to crack your master password then they would be able to access all of that information, including all the passwords and usernames to your accounts.

Changing your master password now will not protect you. That is because the attackers already have a copy of your vault that was encrypted using the master password you had in place at the time of the breach. This means the attackers have an unlimited amount of time to crack master passwords. The best course of action is to do a site-by-site password reset for all of your LastPass-stored accounts. By changing your passwords at the site level, the attackers would only have access to your old, outdated passwords.

LastPass’s security breaches serve as a reminder that even the most secure systems can be vulnerable to attack. By following the recommended actions and best practices outlined in this post, LastPass customers can further enhance the security of their accounts and data.

At EVERNET Consulting, we believe in building strong relationships with our customers. We are always there for them whenever they have a question or concern. Our dedicated team of experts is ready to provide support and guidance at every step, ensuring that our customers can rely on us for all their technology needs.

If you are interested in learning more about password management software, check out EVERNET’s Password Management For Business and How It Helps E-book.

At EVERNET Consulting, we are dedicated to helping organizations with their cybersecurity needs. We work diligently to find the solutions that best fit the needs of your business. Whether you’re looking for IT support, software recommendations, or guidance on how to get the best protection for your computer systems, we are here to help. Let’s schedule a discovery call and see how we can help you work smarter, not harder.

 

Project Discounted Hourly Rates

All new accounts pay a $500 dollar onboarding fee to start and an additional $125 per resource.

Marketing Materials

At EVERNET, we are experts in providing a broad range of marketing materials to our clients. Our offerings include brochures, flyers, business cards, posters, product catalogs, websites, social media content, press releases, presentations, and email newsletters.

SEMRush Premium Location

SEMRush Premium is a comprehensive suite of tools that helps businesses improve their online visibility and performance. It includes features for keyword research, competitive analysis, website auditing, and more. SEMRush Premium is used by businesses of all sizes, from small businesses to large enterprises.

SEMRush Basic Location

SEMRush Basic Location is a feature that allows you to manage your business listings in over 70 local directories.

Email*: Newsletter

Email*: Newsletter" refers to a task or item on a schedule or to-do list that involves writing and sending an email newsletter to a group of subscribers. A newsletter is a regular communication sent by a company, organization, or individual to provide updates, share information, and engage with the recipient base.

Email*: Product & Services Promo

Email*: Product & Services Promo" refers to a task or item on a schedule or to-do list that involves writing and sending an email to promote specific products or services offered by a company or organization. This email aims to attract recipients' attention, highlight the features and benefits of the products or services, and encourage them to purchase or engage with the offerings.

Email* Company Post (Holidays, Quick News Items)

Email*: Company Post (Holidays, Quick News Items)" refers to a task or item on a schedule or to-do list that involves writing and sending an email on behalf of a company or organization. This email aims to share company-related updates, news items, or holiday greetings with the intended recipients, such as employees, clients, or subscribers.

Email*: Blog/Press Release (est 1.25 hrs)

Email*: Blog/Press Release" refers to a task or item on a schedule or to-do list that involves writing and sending an email related to a blog or press release. It typically entails reaching out to individuals or organizations to announce the publication of a new blog post or a press release and seeking their support, coverage, or collaboration.

Social Text Post 

A social text post is a written message or update shared on social media platforms or online communities. It is a way for individuals to express their thoughts, opinions, share information, ask questions, or engage in conversations with others within their social network or online community.

Project Discounted Hourly Rates

All new accounts pay a $500 dollar onboarding fee to start and an additional $125 per resource.

 

Managed Website Support

EVERNET’s team of experts offers comprehensive website support services to ensure your website's smooth and efficient running. Our support includes technical and administrative assistance, such as website security updates, performance monitoring, and troubleshooting.

Branding Style Guide

A branding style guide, also known as a brand guidelines document or brand manual, is a comprehensive document that outlines the visual and stylistic guidelines for consistently representing a brand's identity across various mediums and applications. It is a reference tool for designers, marketers, and anyone involved in creating or using brand materials to ensure the brand is accurately and consistently presented.

Branding Stylescape

A branding stylescape, also known as a brand mood board or visual identity board, represents a brand's aesthetic and visual direction. It is a collage or composition of various design elements, including color palettes, typography, imagery, patterns, textures, and other visual cues that capture the essence and personality of a brand.

Deliver Logo Pack

The deliverable logo pack is a comprehensive resource for clients or stakeholders to effectively use and apply the logo in different contexts and across various platforms. It empowers them with the necessary files and guidelines to maintain consistency, protect the integrity of the brand identity, and ensure the logo's proper representation.

Logo Mockups

Logo mockups are a valuable tool in the design process, allowing designers and clients to assess the logo's effectiveness in real-world applications. They help bridge the gap between a conceptual logo design and its practical implementation, enabling informed discussions and decision-making.

Vectorize Logo

When a logo is vectorized, the original design or raster logo is converted into a vector format. This conversion process involves tracing the original logo using vector software or redrawing it using vector tools. The result is a logo that can be scaled to any size without pixelation, making it suitable for various applications, such as print materials, signage, websites, or promotional products.

Revisions

Logo design revisions are crucial to the design process, allowing our clients to provide input and shape the outcome. Through effective collaboration and iterations, our designers strive to create a logo that reflects your brand's identity and values and satisfies the client's expectations.

Logo Sketches

EVERNET will work with our clients on a hand-drawn or digital drawing that represents an initial exploration of ideas for a logo design. It is a rough and simplified representation of the logo concept and serves as a starting point for further development. Designers typically create logo sketches during the ideation phase of the design process.

Logo Concept

At EVERNET, we collaborate with our clients to bring their logo ideas and design direction to life. Our team uses a creative and strategic approach to develop logo concepts that represent the brand or organization visually. These concepts are crucial in the logo development process before the final design is selected.

Introductory Meeting

An introductory meeting for a branding project with EVERNET is a gathering or discussion that marks the initial stages of collaboration between a client and our agency. Its purpose is to establish a foundation for the project, allowing both parties to exchange information, align expectations, and explore the goals and objectives of the branding initiative.

Page Localization per page

Page localization per page refers to adapting or customizing individual web pages to suit a specific target audience's language, culture, and preferences. Instead of translating an entire website, page localization focuses on specific pages or sections relevant to a particular market or region. It involves modifying a webpage's content, design, and functionality to cater to the particular needs and expectations of the target audience.

Multivariant Testing

Multivariate testing, also known as multivariable testing, is a technique used in marketing and web development to simultaneously test multiple variations of elements or factors on a webpage or within a marketing campaign. It allows businesses to evaluate the combined impact of various variables and their interactions, providing insights into which combination produces the best results.

A/B Testing

A/B testing, also known as split testing, is a method used in marketing and web development to compare two or more variations of a webpage or element to determine which one performs better in achieving a specific goal. It involves dividing the audience into separate groups and showing each group a different version of the webpage or element to measure and analyze their response and behavior.

Sales Funnel/Lead Gen Pages

Sales funnel/lead gen pages are designed to capture leads and guide potential customers through sales. They are vital to online marketing and sales strategies, aiming to convert visitors into qualified leads and eventually into paying customers.

Revisions/Adjustments

Revisions or adjustments to a webpage refer to the modifications or changes made to a web page's content, design, or functionality. These revisions are typically done to improve the overall user experience, address issues, or update the webpage to reflect new information or requirements.

Web Page Translator

A webpage translator is a tool or feature that enables web content translation from one language to another. It allows users to view a webpage in their preferred language, even if the original content was written differently. Webpage translators are designed to make websites more accessible and user-friendly for a global audience.

Web Page Chat Bot

A webpage chatbot, also known as a web chatbot, is a type of conversational agent or virtual assistant designed to interact with users through a website. It is typically integrated into a webpage or application to provide real-time assistance, answer questions, and engage in conversations with visitors.

Web form creation refers to the process of designing and building interactive forms that are embedded in websites. Web forms are digital forms that allow users to input and submit information through various fields and elements.

Template Contact Form 

A template contact form refers to a pre-designed and pre-built form layout that can be used as a starting point or foundation for creating a contact form on a website. It provides a structured framework with the necessary fields and design elements commonly found in contact forms.

Privacy Policy Page

Termageddon privacy policies generator and management tool that helps website owners comply with various privacy laws, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Children’s Online Privacy Protection Act (COPPA). The tool provides customizable templates for privacy policies, terms of service agreements, disclaimers, and other legal documents that businesses may need for their websites.

Analytics & Search Engine Connection 

Analytics and search engine connection refer to integrating web analytics tools and search engines, typically Google Analytics and search engines like Google, Bing, or Yahoo. This connection allows businesses to gather valuable data and insights about their website's performance, user behavior, and search engine visibility.

Client Portal Integration

Client portal integration refers to incorporating a client portal into a business's existing systems or website, allowing secure and streamlined communication, collaboration, and access to resources between the company and its clients.

Competitive Keyword Research $/KW

Competitive keyword research is identifying and analyzing the keywords that competitors target in their digital marketing strategies. It involves researching and understanding the keywords your competitors are ranking for in search engine results pages (SERPs) and using that information to inform your keyword targeting strategy.

Google Reviews Carousel

The Google Review Carousel is a feature in Google search results that displays reviews for a specific business or entity.

Blog Integration

Blog integration refers to seamlessly incorporating a blog into a website or other digital platform. It involves integrating the blog functionality, design, and content management system (CMS) with the existing website infrastructure, allowing for a unified and cohesive user experience.

CRM Integration

CRM integration refers to connecting a Customer Relationship Management (CRM) system with other software applications or platforms to enable seamless data sharing, automation, and enhanced functionality. Integrating the CRM system with various tools, such as marketing automation software, email marketing platforms, e-commerce platforms, help desk systems, and more.

Copywriting/SEO

In web design, copywriting and SEO work hand in hand to create a visually appealing, engaging website optimized for search engines. Copywriters collaborate with SEO specialists to conduct keyword research and strategically integrate relevant keywords into the website's content, headings, and meta tags. They create persuasive copy that captures the target audience's attention and aligns with SEO best practices.

Custom Designed Page/Section

A custom-designed page/section is a uniquely tailored layout or structure created to meet specific design requirements and align with a brand's visual identity or individual preferences. Unlike a basic designed page/section, which often relies on pre-existing templates or standard layouts, a custom-designed page/section offers higher creativity, originality, and personalization.

Basic Designed Page/ Section

A basic designed page/section refers to a simple and straightforward layout or structure that serves as a foundation for content creation. It typically includes essential elements and a minimalistic design approach, focusing on clarity and ease of use. Primary designed pages/sections are commonly used in various contexts, such as web development, document creation, and graphic design.

Template Page/Section

A template page/section refers to a pre-designed layout or structure as a starting point for creating consistent and cohesive content within a larger document or website.

vCMO - Marketing Business Review 

A vCMO can be a valuable resource for businesses that lack in-house marketing expertise or need additional strategic guidance. Developing and implementing effective marketing strategies that drive business growth can be easy with a dedicated marketing team or chief marketing officer.

Advertising Management

With EVERNET's advertising management services, we take the burden off your shoulders by handling your advertising needs across various platforms. From social media and web advertising to print and billboard campaigns, we've got you covered. Our experienced team of professionals ensures that each venue receives dedicated attention, with an estimated time of 1 hour per venue.

Email*: Newsletter

Our team understands the importance of keeping your subscribers updated and entertained with valuable content. From industry insights and trends to company news and exclusive offers, our newsletters are designed to captivate readers and foster a sense of connection.

Email*: Product & Services Promo

When it comes to promoting your products and services, EVERNET excels in crafting compelling email campaigns. Our team specializes in creating attention-grabbing and persuasive email content that effectively showcases your offerings. Whether you're launching a new product, announcing a service upgrade, or running a promotional campaign, our tailored emails will captivate your audience and drive conversions.

Email* Company Post

With EVERNET's expertise in email marketing, we offer tailored company posts that are perfect for holiday promotions or sharing quick news items. Our team crafts engaging and personalized emails, ensuring your message resonates with your audience during festive seasons or when you have important updates to share.

Email*: Blog/Press Release

At EVERNET, our team of experienced copywriters excels at crafting specialized blog posts and press releases that cater to your business needs, delivering captivating content on any topic you desire.

Social Image/Graphic/Non-Produced Video Post

EVERNET creates captivating and tailored social image/graphic/non-produced video posts for its clients, ensuring that the visual content aligns with the unique requirements and characteristics of the social media platform on which they market their business.

Social Text Post 

EVERNET leverages its expertise to curate and distribute compelling social text posts on behalf of its clients, tailoring the content to suit the specific social media platform they utilize for marketing their business.

WP Rocket

WP Rocket is a premium caching plugin for WordPress websites designed to improve the website’s speed and performance by reducing the page loading time, minimizing HTTP requests, and optimizing code.

Workstation Backup

Backup and disaster recovery are two separate but connected concepts that organizations should always consider together. Backing up data is storing a copy of a business’s data in a cloud or physical environment, such as an external hard drive. 

 

General Copywriting/ Blog Press Release/ Content Page

EVERNET specializes in creating content that resonates with your target audience and drives engagement, whether you’re looking for blog posts, press releases, social media text, or email marketing.

Zoho Social Brand Management

Social media management tool helps businesses and agencies manage their social media presence more efficiently.

SEMRush Listing & Reputation management

SEMrush is a popular digital marketing tool that provides insights and analytics for SEO, PPC, social media, content marketing, and more. It helps businesses optimize their online presence, improve search rankings, and increase website traffic.

Termageddon

Termageddon privacy policies generator and management tool that helps website owners comply with various privacy laws, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Children’s Online Privacy Protection Act (COPPA).

SiteGround Website Hosting

EVERNET can assist your business by selecting the best web hosting platform based on your company’s specific needs and budget. Our experienced team can help migrate your site to a new hosting platform, configure the hosting environment, and provide ongoing monitoring and maintenance to ensure the site is always running smoothly.

Managed Advertising Support

At EVERNET, we understand the importance of advertising your brand, services, or products to the right audience. That is why our industry professionals are here to help you optimize your advertising campaigns to achieve your advertising goals and increase your ROI.

Managed CRM Support

EVERNET is a third-party implementation partner; we work with trusted software customer relationship management (CRM) vendors to provide software and technology solution services to help your business grow. We provide expertise, support, and resources to help your company deploy and maintain third-party solutions.

Managed Social Media Support

With EVERNET Social Media Support, we provide a comprehensive suite of services tailored to your business needs. From developing a custom social media strategy to community management, advertising, and analytics tracking, we offer a personalized approach that ensures your success on social media.

Managed Listing and Reputation Support

EVERNET offers comprehensive managed listing and reputation support services to help businesses establish and maintain a positive online presence.

Hosted Phone Service (VoIP)

A VoIP phone service eliminates the need for expensive hardware, lowering the setup fee more than traditional phone systems. VoIP won’t cost as much as you think for everything from virtual numbers to video conferencing.

Microsoft 365

Microsoft 365 suite is a family of productivity software, collaboration, and cloud-based services designed to make teamwork effortless. It includes Microsoft Outlook for email, OneDrive cloud storage, Microsoft Teams, and cloud applications like Word, Excel, and PowerPoint.

Corporate Password Manager

Password Management is a service that utilizes software that stores and manages online credentials. This allows individuals and businesses to save and manage their passwords from one safe space.  

Virtual Chief Information Officer (vCIO)

A vCIO, or virtual Chief Information Officer, is a professional who provides technical leadership and strategic guidance to an organization on a part-time or contract basis.

IT Maintenance

IT maintenance refers to ensuring that an organization’s information technology (IT) systems and infrastructure are operating smoothly and efficiently. This involves performing routine tasks such as installing software updates and patches, monitoring system performance and security, and repairing or replacing hardware.

Email Advanced Threat Protection

Email Advanced Threat Protection (ATP) is a security solution designed to protect email systems from advanced threats such as phishing, malware, and zero-day attacks.

Security Awareness Training

Security awareness training educates employees on how to protect the organization’s computer systems. Its goal is to help prevent cyber attacks from impacting a company’s database and day-to-day operations. 

Patch Management

Patch Management is a service that involves identifying, acquiring, testing, and installing patches or code changes to the software. 

Antivirus (EDR)

Antivirus is software used to prevent, scan, detect, and delete viruses from a computer. Antivirus software typically runs automatically in the background and provides real-time protection against virus attacks.

Device Health & Security Monitoring

24/7 Device Health Monitoring is a service that allows our IT team to keep a finger on the pulse of your IT Solutions, keeping your network running without interruption.  

Vendor Management

Vendor Management Service is a service EVERNET offers that helps clients manage their vendors. We do this by creating a unique email address for every client on EVERNET’s mail server, and we point this email address to our Client Portal.

Managed IT Support

With expertise in everything from Microsoft 365 to hosted phone services, backup and disaster recovery, 24/7 device health and security monitoring, and everything in between, EVERNET will manage all aspects of your IT systems. Keep your focus on confidently running your business, knowing EVERNET has your IT Solutions covered.