LastPass Breach (2022)
What is LastPass Breach (2022)?
A two-stage 2022 intrusion at LastPass in which attackers stole source code and then exfiltrated encrypted customer vault backups from a cloud storage bucket.
Password manager LastPass disclosed two related security incidents in 2022. In August, attackers compromised a developer endpoint and stole source code and proprietary technical information. In November, the same actors used data taken in the August incident to target an engineer's home computer, install a keylogger via a vulnerable third-party media application, capture the developer's master credentials and access LastPass's cloud storage. From there they exfiltrated customer vault backups containing both unencrypted metadata (URLs, names) and AES-256 encrypted vault entries protected only by users' master passwords. The breach triggered widespread credential resets, regulatory scrutiny and downstream cryptocurrency thefts tied to brute-forced vaults.
● Examples
- 01: A LastPass user rotates every saved credential and migrates to a different password manager after seeing leaked metadata.
- 02: Researchers correlate stolen LastPass vaults with later cryptocurrency wallet drains targeting weak master passwords.
● Frequently asked questions
What is LastPass Breach (2022)?
A two-stage 2022 intrusion at LastPass in which attackers stole source code and then exfiltrated encrypted customer vault backups from a cloud storage bucket. It belongs to the Vulnerabilities category of cybersecurity.
How do you defend against LastPass Breach (2022)?
Defences for LastPass Breach (2022) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for LastPass Breach (2022)?
Common alternative names include: LastPass 2022 incident, LastPass vault leak.
● Related terms
- Password Manager (identity-access, № 797): An application that generates, stores, and autofills strong unique credentials, secured by a master passphrase and increasingly by passkeys.
- Supply Chain Attack (attacks, № 1116): An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
- Encryption (cryptography, № 379): The cryptographic transformation of plaintext into ciphertext using an algorithm and key so that only authorized parties can recover the original data.