breach
Safeguard articles tagged "breach" — guides, analysis, and best practices for software supply chain and application security.
8 articles
LastPass 2022-2023: A Retrospective at Depth
A detailed walk through the two LastPass breaches of 2022 and their long 2023 tail, reconstructing how a developer laptop became a vault disclosure.
AnyDesk Production Systems Compromised: Code Signing Certificates Stolen
AnyDesk confirmed a breach of their production systems in late January 2024, forcing revocation of code signing certificates and a mandatory password reset for all users.
MongoDB Atlas Breach: Customer Metadata Exposed in Corporate Systems Attack
MongoDB disclosed unauthorized access to its corporate systems in December 2023, exposing customer metadata and contact information while Atlas cluster data remained secure.
Okta's Support System Breach: Identity Provider Under Fire Again
Okta disclosed that attackers used stolen credentials to access its customer support system, downloading HAR files containing session tokens for multiple customers.
LastPass Second Breach: Encrypted Vaults Stolen Using Data from First Attack
LastPass revealed that the August breach enabled a second attack that exfiltrated encrypted customer vaults. The full scope of the damage was devastating.
Uber's 2022 Breach: How an 18-Year-Old Social Engineered Past MFA
An attacker bombarded an Uber contractor with MFA push notifications until they accepted. What followed was a full compromise of internal systems.
LastPass Breach: How a Compromised Developer Environment Exposed Millions
LastPass disclosed that an attacker accessed their development environment for four days. The full impact wouldn't be known for months.
GitHub OAuth Token Theft: The Heroku and Travis CI Breach
Attackers stole OAuth tokens from Heroku and Travis CI to access private GitHub repositories across dozens of organizations, including npm itself. The full scope of the breach took weeks to unravel.