Zack WhittakerDec 1, 2022

New: LastPass said an "unauthorized party" gained access to customers' information stored in its cloud storage shared with its parent company, GoTo (formerly LogMeIn).

More: https://techcrunch.com/2022/11/30/lastpass-goto-breached-customer-information/

TechCrunch is part of the Yahoo family of brands

Luna MDec 1, 2022
Show threadZack Whittaker

LastPass' CEO Karim Toubba, who was appointed in April, says the unauthorized party used information stolen from LastPass systems in August to access the cloud storage containing customer information.

Seems plausible that maybe stolen internal creds or keys weren't invalidated after the August breach, which allowed a second compromise?

More: https://techcrunch.com/2022/11/30/lastpass-goto-breached-customer-information/

TechCrunch is part of the Yahoo family of brands

Dec 1, 2022 at 2:45amWeb
Show threadBob YoungDec 1, 2022
@zackwhittaker
This incident reminds me of a long-standing theme. I've shared the following before:
How centralization affects cybersecurity:
"Let's put all our eggs in one basket. Then, when there's a slip-up and the basket falls to the pavement, we can all be shocked by the size of the mess."
Show threadSpaceLifeFormDec 1, 2022

@zackwhittaker

I knew this would be easy.

hxtps://aws.amazon.com/blogs/modernizing-with-aws/how-logmein-migrated-a-billion-records-online-from-oracle-to-amazon-aurora-and-achieved-sub-millisecond-response-time/

Show threadSpaceLifeFormDec 1, 2022

@zackwhittaker

There is seriously something wrong at AWS. I have lost count.

Show threadWolfgang 🎶= Me + Dog ☑️Dec 3, 2022
@zackwhittaker