Bad actors were able to access a third-party cloud storage service LastPass uses to store customer data. It remains unclear how many customers the data breach impacted but it appears that passwords have not been compromised.
LastPass has released an official statement.
In the statement, they advise that they “immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement” and “have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”
Amit Shaked, CEO and co-founder, Laminar provided commentary on the topic.
This incident shows that even companies that specialize in security are still learning how to best protect and monitor data residing in third-party cloud applications. This education gap is leading to the compromise of important customer and company data. Therefore, it is essential for data and security teams across all industries to think beyond their on-premises infrastructure when asking: where is our sensitive data and is it protected? Scattered data stores are an extremely common problem as companies transition into cloud-based environments, increasing overall organizational security risk. In fact, the presence of unknown or 'shadow' data is increasing across the board and is now a top concern for 82% of data security professionals. To safeguard against data leaks like today’s and have full visibility into hidden data stores, organizations must have complete observability of their cloud data. It is critical to know where it resides, who is accessing it and what its security posture is.