HomeTECHNOLOGYLastPass says employee's home computer was hacked to steal a decrypted vault

LastPass says employee’s home computer was hacked to steal a decrypted vault


Related stories

Explore 101Desires.com for the Pinnacle of Technical Updates

Unlock the full potential of Google Workspace with 101Desires.com...

TrendzGuruji.me Cyber: Empowering Your Digital Fortress for Unbeatable Cyber Resilience in 2024

TrendzGuruji.me Cyber is a fast-growing platform that's changing the...

Terry Lee Flenory Age, Life, and Other Interesting Facts (2023)

Detroit, Michigan native Terry Lee Flenory is a successful...

The SWGoH Web Store: Your Path to Galactic Domination (Updated 2023)

Star Wars: Galaxy of Heroes, also known as SWGoH,...

Emma Argues with Principal Figgins: A Clash of Wills

Introduction Emma had always been a diligent student, dedicated to...


In brief: Password manager LastPass has revealed details of a breach last year that resulted in partially encrypted user login data being stolen. The company confirmed that the incident stemmed from a previous hack in August that enabled the hacker to steal credentials from a DevOps engineer’s home computer and obtain a decrypted vault.

In December, LastPass said it had detected unusual activity within an AWS cloud storage service that the organization and GoTo, the company formerly known as LogMeIn that acquired LastPass in 2021, share. It was determined that the hacker was able to gain access to “certain elements” of customers’ data. This was achieved using information acquired from the previous hack on LastPass in August.

LastPass revealed more details of the second incident yesterday. It writes that although the initial breach ended on August 12, the hacker “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. The threat actor was able to steal credentials from a senior DevOps engineer during this period and access the company’s shared cloud storage, which contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Part of the attack involved the home computer of the engineer, one of only four with access to the decryption keys, being infected with a keylogger. This was achieved by exploiting a remote code execution vulnerability in a third-party media software package. Ars Technica writes that the software in question was the streaming media service/media player Plex.

“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault,” writes LastPass.

Back in August, just 12 days after the second LastPass incident began, Plex announced the discovery of suspicious activity in one of its databases and found that a third party had accessed a subset of data that included emails, usernames, and encrypted passwords. Whether this was linked to the LastPass breach is unclear.

LastPass has revealed a detailed list of everything accessed during the breaches. If you’re a user, changing the master password and all passwords in your vault would be a wise move.


Source link


- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories