In December 2022, LastPass disclosed a severe data breach that allowed threat actors to access encrypted password vaults. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated sensitive data from its Amazon AWS cloud storage servers. LastPass said the threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack.
This intrusion targeted the company's infrastructure, resources, and one of its employees from August 12, 2022 to October 26, 2022. The original incident ended on August 12, 2022. The August breach saw the intruders accessing source code and proprietary technical information from its development environment by means of a single compromised employee account. In December 2022, LastPass revealed that the threat actor leveraged the stolen information to access a cloud-based storage environment and get hold of "certain elements of our customers' information."
Later in the same month, the unknown attacker was disclosed as having obtained access to a backup of customer vault data that it said was protected using 256-bit AES encryption. It did not divulge how recent the backup was.