Well, LastPass might have not seen any evidence that customers’ passwords vaults had been accessed then, but… But when a company says it has “seen no evidence” of anything bad happening, that’s not necessarily the same as saying “nothing bad happened”?Ĭorrect. You’re probably thinking of the original announcement LastPass made back on August 25 2022, where it said that a hacker had managed to gain access to a developer’s account, and stolen some of its source code from a development environment.īack then LastPass said that it had “seen no evidence that this incident involved any access to customer data or encrypted password vaults.” So they were wrong when they said that? But wasn’t there news of a LastPass hack earlier in the year? More details can be found on the LastPass website.Just days before Christmas, when most people probably weren’t paying too much attention, password management service LastPass revealed that hackers had accessed customers’ password vaults. It’s worth noting that LastPass has a free version available, but some features require a subscription. According to LastPass, the platform now has over 30 million users and over 100,000 corporate customers. The master password for the LastPass vault should also be changed. If you’re a LastPass user, the company strongly advises you to change all your passwords stored on the platform. In addition, certificates obtained by the hackers have been revoked. The engineer was assisted in strengthening the security of their personal network while new multifactor authentications were added to LastPass’ systems. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.įollowing the incident, LastPass has taken a number of steps to prevent future attacks along with investigating what happened. This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The servers accessed by the attackers contained backups of LastPass customers and encrypted vault data. Twelve days after the LastPass attack, Plex confirmed that it had also suffered an attack that resulted in 15 million users’ passwords being stolen. ![]() Interestingly, ArsTechnica heard from sources that the engineer’s computer was hacked through a vulnerability found in the Plex media platform. This made it more difficult for LastPass to detect the suspicious activity. More specifically, the credentials for the servers were stolen from a DevOps engineer who had access to cloud storage at the company. Engineer’s home computer led to LastPass security breachĪs shared in a blog post (via ArsTechnica), there was a coordinated attack in August 2022 in which hackers were able to access and steal data from Amazon AWS cloud servers. ![]() ![]() Now LastPass has revealed that the incident was caused by credentials stolen from a DevOps engineer. Back in December, the company shared a statement confirming that attackers obtained such data and that users should change their passwords. The popular password manager LastPass faced a major attack last year that compromised sensitive data of its users, including passwords.
0 Comments
Leave a Reply. |