![]() ![]() More details can be found on the LastPass website. It’s worth noting that LastPass has a free version available, but some features require a subscription. The move is meant to 'accelerate' growth in password management and secure sign-ins by providing more dedicated resources to LastPass. According to LastPass, the platform now has over 30 million users and over 100,000 corporate customers. The master password for the LastPass vault should also be changed. If you’re a LastPass user, the company strongly advises you to change all your passwords stored on the platform. In addition, certificates obtained by the hackers have been revoked. ![]() The engineer was assisted in strengthening the security of their personal network while new multifactor authentications were added to LastPass’ systems. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.įollowing the incident, LastPass has taken a number of steps to prevent future attacks along with investigating what happened. This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The servers accessed by the attackers contained backups of LastPass customers and encrypted vault data. Twelve days after the LastPass attack, Plex confirmed that it had also suffered an attack that resulted in 15 million users’ passwords being stolen. On December 22, LastPass notified their customers of a cyber security incident that may put the stored passwords of LastPass users. Interestingly, ArsTechnica heard from sources that the engineer’s computer was hacked through a vulnerability found in the Plex media platform. LastPass is a password manager that secures your passwords and personal information in an encrypted vault. This made it more difficult for LastPass to detect the suspicious activity. ![]() More specifically, the credentials for the servers were stolen from a DevOps engineer who had access to cloud storage at the company. Engineer’s home computer led to LastPass security breachĪs shared in a blog post (via ArsTechnica), there was a coordinated attack in August 2022 in which hackers were able to access and steal data from Amazon AWS cloud servers. Now LastPass has revealed that the incident was caused by credentials stolen from a DevOps engineer. Back in December, the company shared a statement confirming that attackers obtained such data and that users should change their passwords. LastPass user information exposed in data breach. Apparently, the breach took place due to a compromised developer account that was used by the hacker. Although the platform says that users' data is intact, the platform did confirm a breach of security. The popular password manager LastPass faced a major attack last year that compromised sensitive data of its users, including passwords. LastPass says employees home computer was hacked to steal a decrypted vault. LastPass, the password manager with over 33 million users worldwide, was hacked recently. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |