Bibliographic Details
Main Authors: Gentles, Jessica, Fields, Mason, Goodman, Garrett, Bhunia, Suman
Format: Preprint
Published: 2025
Subjects:
Online Access: https://arxiv.org/abs/2502.04287
author Gentles, Jessica
Fields, Mason
Goodman, Garrett
Bhunia, Suman
contents Managing the security of employee work computers has become increasingly important as today's work model shifts to remote and hybrid work plans. In this paper, we explore the recent 2022 LastPass data breach, in which the attacker obtained sensitive customer data by exploiting a software vulnerability on a DevSecOps engineer's computer. We discuss the methodology of the attacker as well as the impact this incident had on LastPass and its customers. Next, we expand upon the impact the breach had on LastPass as well as its customers. From this, we propose solutions for preparing for and mitigating similar attacks in the future. The aim of this paper is to shed light on the LastPass incident and provide methods for companies to secure their employee base, both nationally and internationally. With a strong security structure, companies can vastly reduce the chances of falling victim to a similar attack.
format Preprint
id arxiv_https___arxiv_org_abs_2502_04287
institution arXiv
publishDate 2025
record_format arxiv
title Breaking the Vault: A Case Study of the 2022 LastPass Data Breach
topic Cryptography and Security
url https://arxiv.org/abs/2502.04287