LastPass 2023

NJCCIC Data Breach Notification

Original Release Date: 3/10/2023

Summary

The NJCCIC recently reported on the LastPass breach in August and provided an update revealing that threat actors accessed source code and proprietary technical information from its development environment through a compromised employee account, resulting in the acquisition of credentials and keys used to steal information from a backup stored in a cloud-based storage service. The massive breach further revealed that threat actors targeted one of the four LastPass DevOps engineers and planted keylogger malware on their home computer to steal account credentials, breach the Amazon AWS cloud storage servers, and exfiltrate sensitive data, including encryption keys for LastPass customer vault backups and decryption keys to access critical backups and resources. The above risks impact both LastPass and GoTo accounts and users, including Join.me, Central, Remotely Anywhere, and Hamachi. The second attack was a result of the exploitation of the CVE-2020-5741 vulnerability impacting a third-party media software package, Plex Media Server on Windows, that can allow a remote authenticated attacker to execute arbitrary Python code. The Plex Media Server software on the engineer's home computer had not been upgraded to apply the three-year-old patch for the vulnerability, allowing the threat actors to access the server administrator's Plex account and upload a malicious file via the Camera Upload feature, resulting in execution via the media server.

Recommendations

The NJCCIC recommends users refrain from using their master password on other websites or accounts, as threat actors may use dumps of compromised credentials or stolen information to target LastPass and GoTo account users with brute force, credential stuffing, social engineering, or phishing attacks. Also, users are advised to follow password best practices by using strong, unique passwords, refraining from password reuse, and enabling MFA on accounts. Additionally, employ tools such as haveibeenpwned.com to determine if your PII has been exposed via a public data breach. Furthermore, refrain from posting sensitive information online to reduce your digital footprint. Users who suspect their PII has been compromised should review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources.
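The haveibeenpwned.com recommendation above can be automated for password hygiene checks without sending the password itself anywhere: the Pwned Passwords API works on a k-anonymity model, where only the first five hex characters of the password's SHA-1 hash are sent and the remaining 35 characters are matched locally against the returned list. The following is an added example written for this notification, not NJCCIC or Have I Been Pwned code. The endpoint URL is the real public API; the SAMPLE_RANGE_RESPONSE and its occurrence counts are constructed test data so the matching logic can be exercised offline, and the User-Agent string is an arbitrary placeholder.

```python
"""Check whether a password appears in the Have I Been Pwned "Pwned Passwords"
corpus using the range (k-anonymity) endpoint.

Only the 5-character SHA-1 prefix leaves the machine; the remaining 35-character
suffix is compared locally against the list the API returns for that prefix.
"""
import hashlib
import urllib.request

API_BASE = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for the body the API returns for prefix 5BAA6.
# Each line is "<35-char hex suffix>:<number of times seen in breaches>".
# The first suffix is the real SHA-1 tail of the word "password"; the counts
# and the second suffix are made up for this example.
SAMPLE_RANGE_RESPONSE = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
    + "F" * 35 + ":2\r\n"
)


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the uppercase hex SHA-1 of the password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password: str) -> str:
    """URL that would be queried for this password; note it carries only the prefix."""
    prefix, _ = split_hash(password)
    return API_BASE + prefix


def breach_count(password: str, range_response: str) -> int:
    """Match the local suffix against a range response body.

    Returns the breach occurrence count, or 0 if the suffix is absent
    (padding entries returned by the API also carry a count of 0).
    """
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Fetch the live range body for a 5-character prefix (network access required).

    The Add-Padding header asks the API to pad the response with dummy entries
    so response size does not reveal how many real suffixes share the prefix.
    """
    req = urllib.request.Request(
        API_BASE + prefix,
        headers={"User-Agent": "example-password-check", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def is_password_exposed(password: str) -> bool:
    """Live check: True if the password has appeared in a known breach."""
    prefix, _ = split_hash(password)
    return breach_count(password, fetch_range(prefix)) > 0


if __name__ == "__main__":
    # Offline demonstration against the constructed sample response.
    for candidate in ("password", "a-long-unique-passphrase-for-this-example"):
        seen = breach_count(candidate, SAMPLE_RANGE_RESPONSE)
        print(f"{candidate!r}: queried {range_url(candidate)}, seen {seen} time(s)")
```

A master password that returns a non-zero count should be treated as already known to attackers and replaced; a zero result means only that it is not in the corpus, not that it is strong, so length and uniqueness still matter.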

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
