Article 699NB LastPass says employee’s home computer was hacked and corporate vault taken

LastPass says employee’s home computer was hacked and corporate vault taken

by
Dan Goodin
from Ars Technica - All content on (#699NB)
lastpass-800x534.jpg

Enlarge (credit: Leon Neal | Getty Images)

Already smarting from a breach that put partially encrypted login data into a threat actor's hands, LastPass on Monday said that the same attacker hacked an employee's home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity" from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Another bombshell drops

This was accomplished by targeting the DevOps engineer's home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware," LastPass officials wrote. The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault."

Read 9 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments