According to LastPass, unknown attackers hacked its cloud storage online backup using data acquired from a prior security incident in August 2022. The security service website claims threat actors were also able to access client data saved in the hacked storage service.
They explained that they recently discovered strange behavior within third-party cloud storage and backup services that are currently shared by both LastPass and its partner, GoTo.
It was concluded that an unauthorized entity was able to get access to certain parts of their customers’ information. They were using information collected in the August 2022 incident.
The password security web app says the security organization Mandiant will examine the issue and reported it to law police. It further stated that clients’ passwords “remain safely encrypted thanks to LastPass’s Zero Knowledge architecture.
What is Zero Knowledge Architecture?
With a Zero Knowledge Architecture system, everything you do is encrypted before it is delivered to the server, and the key to the encryption is never provided to the vendor.
End-to-end encrypted clients that execute crypto calculations are the first key premise of Zero Knowledge Architecture. The server has no knowledge of the data’s nature. By the way, Zero Knowledge Architecture is also known as No-Knowledge architecture.
Second, all actions are carried out on encrypted data. That is, if you are going to add a new entry to a database, you should do it in encrypted form. If you wish to communicate data, you should do it in encrypted form. You even search within the encrypted data.
These principles do not provide extra security in the traditional sense, but rather ensure that client-side encryption is utilized correctly. Zero-knowledge algorithms and protocols ensure that no keys, passwords, files, or other sensitive information are ever sent in an unencrypted or reversed form. At no point are encryption keys or unencrypted data exposed to servers or service administrators.
Two breaches in one year
LastPass claims to have been working hard to determine the breadth of the issue and what precise information was obtained.
This is LastPass’s second security problem this year. Following the confirmation in August that the company’s developer environment had been accessed via a compromised developer account.
The advice was issued just days after the cyber security website contacted the company and received no answer to queries about a probable breach.
The security mobile application company said the attackers acquired source code and confidential technical information from its systems in emails addressed to customers at the time.
According to the company, the attackers had internal access to its systems for four days before being ejected.
LastPass is the company behind one of the most popular password management applications. It is used by over 33 million users and 100,000 organizations.
