Password Managers that have been hacked

New technologies are developing at a seemingly never-ending rate and users are reaping the rewards of greater connectivity, lower friction in online interactions, and even AI writing capabilities.

Nowadays, the average person is likely to be heavily reliant on online services for everything from personal finances to entertainment, fitness and wellbeing, to gas bills.

Each account requires authentication — most likely in the form of a password.

With the realization that you shouldn’t really be using the same password for every account that you use, comes the daunting feat of remembering each unique password and their different permutations.

Here’s where password managers swoop in to save the day.

Create your code and follow prompts from your password management tool to store all your passwords in one place — ridding you of last-minute scrambles to reset passwords, and saving you time and perspiration.

This sounds super convenient, yet password managers do have their drawbacks. In this blog post, we’ll explore password managers that have been hacked.

What is a password manager?

A password manager is a tool that saves all of your usernames and passwords in one secure place.

This benefits the user as there’s no longer a need to recall every single password that you ever use. Consequently, you’re able to use incredibly complex passwords that you’d never remember, shoring up the security of your profile.

Having all of your passwords in one place is more convenient for the user. It also means that you’re not physically writing down sensitive information on a notepad, for instance. This reduces the likelihood of misplacing your essential information. It also sways you from storing your passwords in insecure files on your device.

However, the fact remains that if the password you use for your password manager gets hacked, then all of your passwords become available.

Let’s take a look at some examples of what happens in the event of a password manager breach.

LastPass breach

LastPass is a well-known name in the world of password management. It’s widely used as it provides its service for free, with the option of a more comprehensive paid package should you want it.

Over 25 million people worldwide use LastPass as their password manager.

LastPass announced a worrying breach event in December 2022. Yet, it’s unclear when the breach event actually began, with some talk that the initial attack may have preceded the date by a few months.

With regard to the breach, LastPass stated that “...the threat actor exploited a vulnerability in third-party software, bypassed existing controls, and eventually accessed non-production development and backup storage environments”.

So, what information was stolen?

Key client data was taken in this breach event including: Customer Vault Data, Customer Account Secrets, API Keys, Third-Party Integration Information, and Customer Database info to August 2022.

All of this data is deeply sensitive and personal to customers, with this attack leaving a large swathe of users vulnerable.

What has LastPass done following the breach?

LastPass has made moves to strengthen its security by upgrading its platform, endpoint, and general infrastructure. This included deploying an upgraded EDR tool to harden their perimeters.

They have also boosted efforts to finetune analytics and data logging to manage preventative measures more effectively. LastPass also brought forward planned developments to improve its system.

It has since become apparent that the attack on LastPass came about through an unpatched version of Plex media player on a staff member's PC. From there, threat actors were able to access LastPass files and find a way into the company’s user database.

Norton LifeLock

In January 2023, Norton informed 6,000 of its customers that their LifeLock accounts had been breached. It was discovered that Norton’s perimeters hadn’t been breached themselves, but threat actors were targeting individuals instead.

Back in December 2022, the company noticed suspicious failed login activity which alerted their team.

It transpired that this activity was part of a credential stuffing scenario where threat actors had placed passwords of LifeLock accounts on the dark web. Other bad actors then began inputting these passwords on different accounts to try and access them.

What data was accessed?

In short — everything that was stored on the individual’s accounts.

What did Norton do?

Norton responded to this breach by resetting the passwords for the LifeLock accounts that were compromised.

They also recommended that their users began using two-factor authentication (2FA), to doubly protect their accounts.

University of York study

Researchers at the University of York conducted a study to discover the security vulnerabilities of a number of password managers including: Dashlane, LastPass, Keeper, 1Password, and RoboForm.

Worryingly, the academics were able to create a fake Google app that tricked 1Password and RoboForm into providing passwords. If the researchers could do it, so could threat actors.

It was also found that Keeper, Dashlane, and 1Password can be subjected to a brute force attack since these providers don’t gatekeep their accounts with a maximum number of login attempts.

Lastly, 1Password was the only provider that didn’t allow credentials from being pasted as clear text from a device’s clipboard. The rest are under threat from the lifting and copying of passwords, making it easier for threat actors to breach accounts.

So, are password managers a good idea?

Overall, password managers do prove to be useful and it’s evident that they do improve security.

One major upside is that they allow you to use more complex passwords that would otherwise be challenging to remember.

Yet, it remains true that all it takes is one breach of your password manager tool to unearth your unique collection of passwords — and once that happens, you are extremely vulnerable.

Another obstacle to a secure environment is that a breach can occur at the user end or the provider end. So this doubles the odds of a breach event occurring.

So, what’s the long-term solution?

A move towards identity providers that don’t rely on password authentication would help to make your security more water-tight. Examples include Azure Active Directory, Okta, and Google, to name a few.

These providers offer greater safeguarding abilities and implement a more robust multi-factor authentication (MFA) system.

Clearly, cybersecurity is a complex and ever-evolving field. There are no bulletproof methodologies to gain 100% safety in any area. It’s important to realize that all solutions come with their own downsides.

However, by implementing MFA alongside strong passwords you can create a complex path that helps to prevent threat actors from targeting your information. The more layers of cybersecurity there are, the greater the safety nets are.

How can Samurai XDR help?

Even if we are confident we have strong authentication mechanisms in place, we still need a security solution that will detect when our other controls have been breached.

That’s where Samurai XDR can help.

It’s backed by NTT’s Global Threat Intelligence Platform which provides worldwide intelligence on contemporary threats.

Deep machine learning analyzes vast amounts of data and outmaneuvers bad actors. Cover your endpoints and strengthen your vulnerabilities with our extended detection and response.

Samurai XDR is scalable to suit your business needs — so why not try it for yourself?

Request a free Beta invitation here!