Last updated 2026-03-17


The LastPass Breach: Lessons in Vendor Security

LastPass encrypted user data, and the vaults were still stolen. More than 600,000 Okta records followed. SaaS security incidents rose 300% from 2022 to 2024.

March 17, 2026 · 8 min read

Tags: LastPass breach lessons, SaaS vendor security, cloud vendor risk, enterprise security, zero-knowledge architecture

The incident that changed the cloud security landscape

Updated 2026

The 2022 LastPass breach was not fundamentally about password managers; it was about trust. Organizations trusted a cloud vendor to hold their data, and that trust broke, not through recklessness but through hidden flaws.

LastPass marketed a zero-knowledge design, but in practice it was not zero-knowledge. The encrypted vaults of 25 million users were stolen. The attack was first disclosed in August 2022; LastPass revised its disclosure several times, and the full scope only surfaced at the end of 2022.

For organizations in healthcare, finance and law, industries that face real legal liability when data leaks, this was not distant news. The LastPass case was an early signal of a broader problem.

The two flaws that made the attack possible

Weak key setup: LastPass used PBKDF2 for key derivation. New accounts had 100,100 iterations; OWASP recommends 600,000. Some older accounts had only 1 iteration. Fewer iterations make brute force faster and cheaper: an attacker holding the vault file can test master passwords at high speed.

Plaintext metadata: the vault contents were encrypted, but the metadata was not. URLs, usernames and service names were fully readable in the stolen data. An attacker could see which services each user had accounts with, which enables targeted phishing and credential stuffing without cracking a single vault.

This case shows why two questions must be asked separately: "Is the design zero-knowledge?" is one question; "Was it built correctly?" is another.
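To make the two flaws concrete, here is an added example (not LastPass's code or storage format, and not part of the original post) that models a client-side encrypted vault entry. The vault key is derived on the client with PBKDF2, a "field policy" decides which fields are encrypted before upload, and `visible_to_thief` shows what someone holding the stolen blob can read without any key. The policies, the sample entry, the salt and the field names are all constructed for this example; `WEAK_POLICY` mirrors the page's description of URLs, usernames and service names being stored in the clear. The cipher is HMAC-SHA256 in counter mode with encrypt-then-MAC, chosen only so the example runs with the standard library; a production vault would use an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

# Constructed vault layout for this example; it is not LastPass's real storage format.
# A field policy lists the fields the client encrypts before upload. Every other field is
# stored as plaintext metadata and is readable by anyone who steals the vault blob.
# The page reports URLs, usernames and service names as plaintext; WEAK_POLICY mirrors that.
WEAK_POLICY = frozenset({"password", "notes"})
HARDENED_POLICY = frozenset({"password", "notes", "username", "url", "service"})

# Constructed sample entry (hypothetical service and credentials).
SAMPLE_ENTRY = {
    "service": "example-bank",
    "url": "https://bank.example/login",
    "username": "alice",
    "password": "correct horse battery staple",
    "notes": "security question: first pet",
}


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Client-side key derivation; the server never sees the master password or this key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the vault key (HMAC as a simple KDF).
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stdlib-only stand-in for an AEAD)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_field(key: bytes, plaintext: str) -> dict:
    """Encrypt-then-MAC one field under a fresh random nonce."""
    nonce = os.urandom(12)
    data = plaintext.encode()
    ct = bytes(p ^ k for p, k in zip(data, _keystream(_subkey(key, b"enc"), nonce, len(data))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def decrypt_field(key: bytes, blob: dict) -> str:
    """Verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vault field failed integrity check")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream)).decode()


def build_stored_entry(entry: dict, key: bytes, policy: frozenset) -> dict:
    """The record as the server would store it under a given field policy."""
    return {name: encrypt_field(key, value) if name in policy else value
            for name, value in entry.items()}


def visible_to_thief(stored: dict) -> dict:
    """Everything readable from the stolen blob without any key: the plaintext metadata."""
    return {name: value for name, value in stored.items() if not isinstance(value, dict)}


if __name__ == "__main__":
    key = derive_vault_key("master-passphrase", salt=b"constructed-salt", iterations=600_000)
    for label, policy in (("weak (LastPass-style)", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        stored = build_stored_entry(SAMPLE_ENTRY, key, policy)
        print(f"{label}: thief sees {visible_to_thief(stored)}")
```

Run as a script, the weak policy prints the service name, URL and username for every entry, which is exactly the target list the paragraph above describes; the hardened policy leaves the thief with nothing but nonces, ciphertext and tags. Raising `iterations` in `derive_vault_key` is the only change needed to make each offline guess at the master password proportionally more expensive.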

Okta 2023: a different attack, the same result

In October 2023, Okta reported a security incident: a stolen credential gave the attacker access to its customer support system, exposing more than 600,000 support records, including files customers had uploaded during support sessions.

Okta is an identity security platform. The problem was not a design flaw but an access control failure: a support engineer's login was stolen, and the attacker used it to reach sensitive data.

LastPass and Okta show the two main paths to a vendor compromise:

  • Design failure: a zero-knowledge claim that was not built correctly
  • Access control failure: valid credentials used to reach data they should never reach

A zero-knowledge design prevents the first type, but it cannot stop an attacker who holds valid support credentials. What it does do is stop that attacker from reading customer data, because the vendor never holds decryptable content.

SaaS security incidents up 300% in two years

Obsidian Security found that security incidents on SaaS platforms rose 300% from 2022 to 2024. That is not a 300% jump in attacker skill; two forces combined to produce it. SaaS usage grew rapidly, and attackers followed the data. A single vendor breach can expose data from dozens of customers at once, a payoff that favors attacks on vendors over attacks on individual enterprises.

A checklist of questions for any cloud vendor

Encryption settings:

  • Ask for the key derivation algorithm, iteration count and memory settings
  • Confirm the iteration count meets the OWASP minimum (600,000 for PBKDF2-SHA256, or an equivalent Argon2id configuration)
  • Verify that key derivation runs on your device, not on the vendor's servers

Metadata exposure:

  • Ask which plaintext metadata is stored alongside the encrypted content
  • Ask for the data model; it should show which fields are encrypted and which would be visible in a breach

Support access:

  • Ask whether support staff can access customer data
  • Confirm that support systems cannot reach customer plaintext

Incident history:

  • Ask for records of all past security incidents, including those below the public disclosure threshold
  • Assess the completeness and honesty of past disclosures
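The checklist above can be turned into a repeatable review rather than a one-off conversation. The following added example (not part of the original post, and not a tool the author or anonym.legal publishes) scores a vendor's written answers against each section, using the OWASP Password Storage Cheat Sheet floors for PBKDF2-SHA256 and Argon2id, and also measures how many master-password guesses one CPU core can test per second at a given PBKDF2 iteration count, which is why the "iterations" question in the encryption section matters. The questionnaire format, the `SAMPLE_ANSWER` values, the salt and the function names are all constructed for this example.

```python
import hashlib
import time

# OWASP Password Storage Cheat Sheet minimums (2023 revision): 600,000 iterations of
# PBKDF2-HMAC-SHA256, or Argon2id with at least 19 MiB of memory, 2 iterations and
# parallelism 1.
OWASP_PBKDF2_SHA256_MIN = 600_000
OWASP_ARGON2ID_MIN = {"memory_kib": 19 * 1024, "iterations": 2, "parallelism": 1}

# Constructed vendor questionnaire answer, shaped after the checklist sections above.
# The values are hypothetical and do not describe any real vendor.
SAMPLE_ANSWER = {
    "kdf": {"algorithm": "pbkdf2-sha256", "iterations": 100_100, "runs_on_client": True},
    "plaintext_metadata": ["url", "service_name", "username"],
    "support_can_read_plaintext": False,
    "incidents": [{"year": 2022, "publicly_disclosed": True, "revised_disclosures": 3}],
}


def check_kdf(kdf: dict) -> list[str]:
    """Findings for the 'encryption settings' section; an empty list means it passes."""
    findings = []
    alg = kdf.get("algorithm", "").lower()
    if alg == "pbkdf2-sha256":
        iters = kdf.get("iterations", 0)
        if iters < OWASP_PBKDF2_SHA256_MIN:
            findings.append(f"PBKDF2-SHA256 iterations {iters:,} below OWASP minimum "
                            f"{OWASP_PBKDF2_SHA256_MIN:,}")
    elif alg == "argon2id":
        for param, floor in OWASP_ARGON2ID_MIN.items():
            if kdf.get(param, 0) < floor:
                findings.append(f"Argon2id {param}={kdf.get(param, 0)} below OWASP minimum {floor}")
    else:
        findings.append(f"unrecognised or unstated key derivation function: {alg!r}")
    if not kdf.get("runs_on_client", False):
        findings.append("key derivation runs on the vendor's servers, not on the user's device")
    return findings


def evaluate_vendor(answer: dict) -> dict[str, list[str]]:
    """Run every checklist section over the vendor's answers; each section maps to its findings."""
    report = {"encryption": check_kdf(answer.get("kdf", {}))}
    exposed = answer.get("plaintext_metadata", [])
    report["metadata"] = ([f"plaintext metadata stored beside ciphertext: {', '.join(exposed)}"]
                          if exposed else [])
    report["support_access"] = (["support systems can reach customer plaintext"]
                                if answer.get("support_can_read_plaintext") else [])
    report["incident_history"] = [] if "incidents" in answer else ["no incident history provided"]
    return report


def relative_cracking_cost(iterations: int, baseline: int = OWASP_PBKDF2_SHA256_MIN) -> float:
    """PBKDF2 work is linear in the iteration count, so a key derived with 1 iteration costs
    1/600,000 of an OWASP-floor derivation per guess."""
    return iterations / baseline


def guesses_per_second(iterations: int, samples: int = 3) -> float:
    """Measure how many master-password guesses one core can test per second at this count."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"guess-%d" % i, b"constructed-salt", iterations, dklen=32)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    for section, findings in evaluate_vendor(SAMPLE_ANSWER).items():
        print(section, "->", findings or ["ok"])
    for n in (1, 100_100, OWASP_PBKDF2_SHA256_MIN):
        print(f"{n:>7,} iterations: {guesses_per_second(n):,.0f} guesses/s on one core, "
              f"{relative_cracking_cost(n):.2e} of the OWASP per-guess cost")
```

The benchmark is deliberately single-threaded and runs your own CPU, so the absolute number is a floor: dedicated cracking hardware is orders of magnitude faster, but the ratio between the rows is what the iteration question is really asking about. A vendor that answers "1 iteration" for any account population has, by that ratio, removed essentially all of the cost the KDF is meant to add.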

See the compliance overview for vendor evaluation guidance.


anonym.legal uses a zero-knowledge architecture for PII anonymization. Key derivation runs through Argon2id in your browser or desktop app. Encryption happens before data leaves your device. The server stores only ciphertext it cannot decrypt. Learn more

