6/29/2023

LastPass data breach

On December 22, 2022, password management company LastPass announced that an unknown threat actor leveraged information obtained during an August 2022 security incident to access a third-party cloud-based storage service that LastPass uses to store archived backups. Although LastPass claims that the threat is minimal due to their data encryption methods, attackers could have access to:

- Customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service; and
- Unencrypted data, such as website URLs, as well as fully encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data

As a result of the breach, LastPass recommends that customers take an extra measure of caution and change their master passwords to prevent any potential downstream risks such as from a credential stuffing attack.

This incident is yet another example of how organizations can be impacted by a third-party vendor breach and events in their fourth-party ecosystem. This post reviews three practices to improve discovery and mitigation of vendor security incidents, and offers some basic questions to probe vendors on their exposure to the latest LastPass data breach.

3 Best Practices for Third-Party Vendor Data Breach Mitigation

Although it is not possible to eliminate all risk from every vendor relationship, your third-party risk management program can still deliver the visibility and automation to effectively find and mitigate the risk before further damage or disruption to your business can occur.

Identify vendors that could be using the impacted technology