Déjà vu: LastPass breach

Another LastPass Data Breach?

Some context

LastPass, a password manager provider and a well-known name in the security industry, has been involved in another security incident, following a couple of recent ones.

This isn't the first time LastPass has announced that an unauthorized party gained access to its systems.

An earlier incident occurred in 2021, after which LastPass deployed enhanced security controls to protect its customers' master passwords.

The company said that it had deployed additional security measures to further protect customer data and their encrypted passwords; this new breach, however, raises the question of how thorough those measures were.

In August of this year, the company posted on its official website that a development environment had been compromised and that portions of its source code and proprietary technical information had been taken. A month later, they published a follow-up post with more details about the breach, including that customer password vaults had not been affected, and reasserted a strong security posture to prevent similar incidents from happening in the future.

What happens to your encrypted data when your company experiences a customer data breach?

You might think that customer data would be safe in the hands of leading security firms, but this isn't always the case.

What usually happens to customer data or encrypted data?

The company detects unusual activity involving its source code, customer data or encrypted data and alerts law enforcement. It then notifies customers by email that information in their encrypted password vaults has been compromised.

What do they do next? They tighten their protection measures by requiring two-factor authentication (2FA) on every customer login. This means that before accessing an account, the user must present a second proof of identity, such as a one-time code from an authenticator app, in addition to the password; a stolen password alone is then not enough to log in.

In addition to strengthening its defenses against future attacks, the company usually offers all affected customers free credit monitoring for 12 months after the incident.

What happened this time?

In that earlier incident, LastPass also disclosed that some of its source code and proprietary technical information had been stolen. Then, on November 30th, Karim Toubba, the company's CEO, announced that the attackers had used that stolen information to gain access to certain elements of customer data. He stated, however, that customer passwords remain safe thanks to the application's zero-knowledge architecture: vault contents are encrypted on the user's device with a key derived from the master password, so neither the master password nor the vault key is ever sent to LastPass. Details of that architecture were part of the proprietary technical information taken in August.
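To make that zero-knowledge claim concrete, and to show where its limit lies, here is an added illustration that is not LastPass's code or exact design: a generic model of how password managers derive keys, with an HMAC-SHA256 counter-mode keystream standing in for AES-GCM so it runs on the Python standard library alone. The iteration count, usernames, passwords and wordlist are constructed for the demo. The server holds only an authentication hash and the encrypted vault; an attacker who steals both gets nothing directly, but can guess master passwords offline, paying one full key derivation per guess.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed for the demo; a real password manager uses a far higher PBKDF2 count.
ITERATIONS = 50_000


def derive_vault_key(master_password: str, username: str, iterations: int = ITERATIONS) -> bytes:
    """Client-side only: the vault key is derived from the master password and never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), username.lower().encode(), iterations)


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """What the client sends to log in: one more PBKDF2 round over the vault key.
    The server can compare it but cannot invert it to recover the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, a stand-in for AES-GCM so no third-party library is needed.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_vault(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(vault_key, nonce, len(plaintext))))
    tag = hmac.new(vault_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_vault(vault_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or a tampered blob is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(vault_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered vault")
    return bytes(c ^ k for c, k in zip(ct, _keystream(vault_key, nonce, len(ct))))


def register(username: str, master_password: str, vault_plaintext: bytes,
             iterations: int = ITERATIONS) -> dict:
    """Everything the server ends up storing for one user. The master password is not in it."""
    vault_key = derive_vault_key(master_password, username, iterations)
    return {
        "username": username,
        "iterations": iterations,
        "auth_hash": derive_auth_hash(vault_key, master_password),
        "encrypted_vault": encrypt_vault(vault_key, vault_plaintext),
    }


def offline_crack(stolen: dict, wordlist: list) -> Optional[str]:
    """What an attacker holding a stolen server record can do: try master-password guesses
    offline until one reproduces the stored auth hash. Each guess costs a full KDF run,
    so the iteration count and the master password's strength set the attacker's bill."""
    for guess in wordlist:
        key = derive_vault_key(guess, stolen["username"], stolen["iterations"])
        if hmac.compare_digest(derive_auth_hash(key, guess), stolen["auth_hash"]):
            return guess
    return None


if __name__ == "__main__":
    # Constructed demo data: one weak and one strong master password, same stolen wordlist.
    weak = register("alice@example.com", "summer2022", b"example.com / alice / hunter2")
    strong = register("bob@example.com", "T4-hazel-LOCK-harbor-92", b"example.com / bob / s3cr3t")
    leaked = ["password", "123456", "summer2022", "qwerty"]
    print("weak master recovered:", offline_crack(weak, leaked))
    print("strong master recovered:", offline_crack(strong, leaked))
```

The point for a LastPass user is in the last two lines: the stolen ciphertext protects a vault exactly as well as the master password resists offline guessing at the stored iteration count, which is why a long, unique master password and a high iteration setting matter more than anything the server does after the breach.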

What should I expect?

The company is still working to identify what specific information was part of the breach. In the meantime, they stated that their services remain fully functional.

Given the recurring nature of these incidents, and the fact that LastPass has not yet released a statement clarifying exactly which information was part of the breach, further updates should be expected in the coming days.

Any mitigation plans for the future?

As part of that last update, they suggested keeping MFA enabled and following their best practices as described in this post. However, if your credentials are exposed, the key question is what attackers could do once inside your systems. Sound scary? Don't worry. At Red Sentry, we help you find out whether you've been part of a data breach and keep your attack surface as small as possible. If you have any questions or fear your information may have been breached, contact us.

Andres Pena
Security engineer, developer and economist

What Results You Can Expect

Below are just some of the reasons why you should choose Red Sentry.

No Lead Times

We make the process smooth. We have no lead times (for those ASAP pentests).

Dedicated Project Manager

Your PM will communicate with your team throughout the pentest process.

No Hidden Fees

There are no hidden fees or overage fees. The price you see is what you get.

Retest

We offer a retest once you patch up any vulnerabilities.

Affordable Pentests

We make pentesting affordable by cutting out any fluff hours.

Actionable Reporting

We report all criticals and highs to your team immediately during testing.

You're in Good Hands

Save time, avoid false positives, truly operationalize security, and manage costs.


Rated 4.8 on G2 & Capterra

"The Healthcare sector has been heavily affected by cyber attacks this past year. As we have so much sensitive data in our business, security is one of my main concerns. Since we've been using Red Sentry, I feel more confident because my team knows which patches need to be applied first and how to test them afterwards."
Dana White
CTO, American Cosmetic Surgery Network

"We hold most of our data inside our Cloud infrastructure, which not many cybersecurity companies are focused on. Being able to have a thorough look at our Cloud security allows us to report our status to our clients and assure them we are taking a proactive approach to cybersecurity."
Gabe Killian
VP Software Security, Procella Health

"Great enterprise tools for risk assessments. We were up and running on the software in just one day. Very easy team to work with and extremely affordable for the amount of visibility and features you get."
David Lewandowski
CTO, United Networks of America

"We are pleased to have a strategic partnership with Red Sentry that offers our joint customers a leading integrated security solution that reduces risk and helps to keep threats out of the environment. Together, we are delivering highly accurate network assessments and intelligent automation of workflow processes and policies for a diverse customer base."
David Cartwright
Head of Commercial Cyber Security for Osi Vision

See how we compare

We strive to bring the best pentest solution, for the cheapest price. And did we mention that we are fast?

                        Other Pentest Solutions                 Red Sentry
Time to Launch          Weeks to Months                         < 7 days
Price                   High (excessive fluff hours charged)    Most Affordable (ask about price matching)
Support                 Medium                                  High, with dedicated PMs and Team Leads
False Positive Rate     Medium                                  Low
Customer Satisfaction   Medium                                  High

Discover your vulnerabilities
