LastPass security breach exposed personal data and encrypted vaults of up to 1.6 million UK users, leading to a £1.2 million fine by the ICO. The attack involved a compromised employee device, malware deployment, and theft of cloud backup data, highlighting the importance of strong security measures and passwords. #LastPass #ICO #PasswordSecurity
Key points
- The breach originated from a compromised employee laptop accessing the LastPass development environment.
- Attackers exploited a vulnerability in a third-party streaming app to deploy malware and steal a master password.
- The threat actors obtained encryption keys and copies of customer vault backups stored in the cloud.
- Customer personal information, including encrypted vaults and contact details, was stolen.
- LastPass’s security depended heavily on the strength of users’ master passwords, which could be cracked through brute-force attacks.
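The last point is the one that decides how much an attacker gains from a stolen encrypted vault: once the ciphertext is offline, the only remaining defences are the entropy of the master password and the cost of the key-derivation function applied to each guess. The following Python example is added here to illustrate that relationship; it is not code from the article, LastPass, or the ICO. It derives a vault key with PBKDF2-HMAC-SHA256 (the general construction, not a claim about LastPass's exact parameters) and estimates expected offline cracking time for a given password entropy and iteration count. The iteration counts and the attacker throughput are illustrative assumptions, chosen only to show how the two factors trade off.

```python
import hashlib
import math

# Illustrative constants (assumptions for this example, not figures from the article).
LOW_ITERATIONS = 5_000          # a weak PBKDF2 work factor
HIGH_ITERATIONS = 600_000       # OWASP's current recommendation for PBKDF2-HMAC-SHA256
ATTACKER_HMAC_PER_SECOND = 1e9  # hypothetical offline cracking throughput (HMAC-SHA256 per second)

SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit vault key from the master password with PBKDF2-HMAC-SHA256.

    The iteration count is the only tunable that makes each attacker guess more
    expensive; the salt prevents precomputation across users but does not slow
    down an attack on one specific vault.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy (in bits) of a uniformly random string of `length` symbols
    drawn from an alphabet of `charset_size` symbols."""
    return length * math.log2(charset_size)


def expected_crack_years(
    bits: float, iterations: int, rate: float = ATTACKER_HMAC_PER_SECOND
) -> float:
    """Expected time for an offline brute-force search to find the password.

    On average half the keyspace has to be tried, and every guess costs
    `iterations` HMAC computations, so the KDF work factor multiplies the
    attacker's cost linearly while each extra bit of entropy doubles it.
    """
    expected_guesses = 2 ** (bits - 1)
    seconds = expected_guesses * iterations / rate
    return seconds / SECONDS_PER_YEAR


def comparison_table() -> list[tuple[str, float, float, float]]:
    """Rows of (description, entropy bits, years at LOW_ITERATIONS, years at HIGH_ITERATIONS)
    for a few constructed password policies."""
    policies = [
        ("8 lowercase letters", entropy_bits(26, 8)),
        ("10 mixed-case + digits", entropy_bits(62, 10)),
        ("4-word passphrase (7776-word list)", entropy_bits(7776, 4)),
        ("6-word passphrase (7776-word list)", entropy_bits(7776, 6)),
    ]
    return [
        (name, bits, expected_crack_years(bits, LOW_ITERATIONS), expected_crack_years(bits, HIGH_ITERATIONS))
        for name, bits in policies
    ]


if __name__ == "__main__":
    # Constructed sample: the same password yields different keys under different work factors,
    # and the key is always 32 bytes regardless of password length.
    salt = b"\x00" * 16  # constructed, fixed salt so the demo is deterministic
    k_low = derive_vault_key("correct horse battery staple", salt, LOW_ITERATIONS)
    k_high = derive_vault_key("correct horse battery staple", salt, HIGH_ITERATIONS)
    print(f"key length: {len(k_low)} bytes, keys differ across iteration counts: {k_low != k_high}")

    print(f"{'policy':40} {'bits':>6} {'years@low':>12} {'years@high':>12}")
    for name, bits, low, high in comparison_table():
        print(f"{name:40} {bits:6.1f} {low:12.3g} {high:12.3g}")
```

The table makes the article's point concrete: raising the KDF work factor buys a constant multiplier (here 120x), whereas moving from a short lowercase password to a multi-word passphrase adds tens of bits and therefore many orders of magnitude, which is why the regulator's focus on master-password strength is the decisive factor for anyone whose encrypted vault has already been exfiltrated.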