Skip to content

LastPass API Token

Service Name: LastPass

Service Description: LastPass is a password management service that stores encrypted passwords online. It offers features for secure password storage, generation, and sharing across devices and teams.

Service Address: https://www.lastpass.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the enterprise account level through LastPass Enterprise policies.

Secret Access Scope: Grants programmatic access to LastPass Enterprise API, allowing management of users, groups, and organizational policies.

Secret Revokement URL: https://admin.lastpass.com/admin/#/enterprise/administration/api

Secret Example: e5c1f76c-9b7d-4d8a-b193-04661a55c9ea

Suspicious Activity Investigation Instructions:

  • Review LastPass admin console for unauthorized API calls or changes
  • Check LastPass event logs for unusual access patterns or locations
  • Monitor for unexpected user account changes, policy modifications, or data exports
  • Verify if any unauthorized sharing centers or groups were created
  • Examine API call history for suspicious operations like mass password exports

Mitigation Instructions:

  • Log in to the LastPass Enterprise Admin Console
  • Navigate to Advanced > API

  • Locate the compromised API token and click "Delete"

  • Generate a new API token if needed
  • Review and update IP restrictions for API access if applicable
  • Consider implementing additional security measures like IP allowlisting
  • Audit user permissions and access rights across the organization
  • Enable additional security controls like multi-factor authentication for admin

accounts