LastPass Breach - Osirium Comment
December 2022 by Mark Warren, Product Specialist, Osirium
In light of the news that LastPass has suffered yet another breach, please see comment below from Mark Warren, Product Specialist, Osirium:
"It appears LastPass may still have lessons to learn after their breach in August. Previously, they were clear about LastPass developers not having access to production systems, which was a positive, given that developers often have a lot of access so, it’s critical that developer credentials are protected just like any systems administrator.
However, in the latest breach, it seems information from the previous attack was used to gain access to some customer information. It shows that even though an attack seems to have been contained and measures put in place to stop it happening again, it’s still a case of "closing the stable door after the horse has bolted" so it should be assumed that data and credentials have been exfiltrated and available on dark web marketplaces."