LastPass says DevOps engineerā€™s hacked computer led to security breach in 2022

lastpass-says-devops-engineerā€™s-hacked-computer-led-to-security-breach-in-2022
LastPass security breach | Promo image

The popular password manager LastPass faced a major attack last year that compromised sensitive data of its users, including passwords. Back in December, the company shared a statement confirming that attackers obtained such data and that users should change their passwords. Now LastPass has revealed that the incident was caused by credentials stolen from a DevOps engineer.

Engineerā€™s home computer led to LastPass security breach

As shared in a blog post (via ArsTechnica), there was a coordinated attack in August 2022 in which hackers were able to access and steal data from Amazon AWS cloud servers. More specifically, the credentials for the servers were stolen from a DevOps engineer who had access to cloud storage at the company. This made it more difficult for LastPass to detect the suspicious activity.

Interestingly, ArsTechnica heard from sources that the engineerā€™s computer was hacked through a vulnerability found in the Plex media platform. Twelve days after the LastPass attack, Plex confirmed that it had also suffered an attack that resulted in 15 million usersā€™ passwords being stolen.

The servers accessed by the attackers contained backups of LastPass customers and encrypted vault data. Hereā€™s what the company says:

This was accomplished by targeting the DevOps engineerā€™s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employeeā€™s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineerā€™s LastPass corporate vault.

Following the incident, LastPass has taken a number of steps to prevent future attacks along with investigating what happened. The engineer was assisted in strengthening the security of their personal network while new multifactor authentications were added to LastPassā€™ systems. In addition, certificates obtained by the hackers have been revoked.

Change your passwords now

If youā€™re a LastPass user, the company strongly advises you to change all your passwords stored on the platform. The master password for the LastPass vault should also be changed. According to LastPass, the platform now has over 30 million users and over 100,000 corporate customers.

Itā€™s worth noting that LastPass has a free version available, but some features require a subscription. More details can be found on the LastPass website.

Add 9to5Mac to your Google News feed.Ā 

FTC: We use income earning auto affiliate links. More.

Leave a Reply

Your email address will not be published. Required fields are marked *

google-announces-9-android-updates-at-mobile-world-congress

Google Announces 9 Android Updates at Mobile World Congress

new-google-pixel-phone-appears-at-fcc

New Google Pixel phone appears at FCC