Over the weekend, the popular password management tool LastPass published a blog post letting its customers know that it had suffered a data breach. Here’s everything you need to know.
LastPass is a well-known security tool used by individuals and organizations alike to streamline password management.
Essentially, LastPass works by storing all your usernames and passwords for your online accounts (Outlook, Netflix, WordPress and so on) in a single vault, accessible through a ‘master password’ that you set.
When you go to the login page of these websites, LastPass automatically populates the login form for you, saving you from having to remember numerous different passwords.
What is the LastPass data breach?
In a statement, LastPass explained that it noticed suspicious activity about two weeks ago and launched an immediate investigation.
The company discovered that threat actors had gained access to the LastPass development environment, where they stole LastPass source code and some proprietary technical information.
According to LastPass’ CEO, Karim Toubba, there is “no evidence that this incident involved any access to customer data or encrypted password vaults.” He also shared that LastPass “products and services are operating normally.”
This is good news for LastPass customers. It means your data is safe and you don’t need to take any further action to secure your LastPass account.
How did the LastPass data breach happen?
Toubba shared that threat actors got into the development environment “through a single compromised developer account”. There aren’t any details available about how the account was hacked or how long it was compromised for.
This type of attack, known as credentials compromise, is extremely common and highly successful for cyber-criminals. As Verizon’s Data Breach Investigations Report found, 50% of cyber-attacks rely on stolen credentials. In fact, this attack type is the number one cause of data breaches—and has been for the last four years.
The LastPass data breach reinforces that, no matter how big your company is, no entity is immune from credentials compromise attacks.
What lessons can we learn from the LastPass data breach?
Incidents relating to compromised credentials underscore the importance of robust identity and access management (IAM) principles, such as:
- Implement the principle of least privilege: You’ll greatly reduce the likelihood of a successful credentials compromise attack by segregating your users. Ensure that employees only have the access rights they need to do their job—and nothing more.
- Enable multi-factor authentication (MFA): Multi-factor authentication requires your users to verify their identities in at least two ways, such as through a password and a mobile authentication code. MFA is a straightforward way to bolster security.
- Audit users regularly: Dormant and inactive accounts are a dream for hackers, enabling them to break into your systems without being noticed. To ensure this doesn’t happen, you need to regularly audit your user base, shutting down inactive accounts as soon as an employee changes roles.
- Remember data loss prevention (DLP): IAM plays an important role in securing your enterprise, but it’s not foolproof. With so many different employee accounts and so much data scattered all over the place, you need to complement IAM with a solution that protects data from the moment it is created, no matter where it travels. That’s where DLP comes in.
How DLP combats credentials compromise
Polymer DLP autonomously discovers and protects sensitive data across your cloud applications. Using cloud-native controls, it enforces granular access controls and monitors user activity for signs of credentials compromise.
If the solution identifies suspicious activity, it will block the user in question from accessing sensitive company data, and alert the IT team for further investigation, so your data stays safe – even if a user account is hacked.