LastPass case: employee's home computer was hacked before the intrusion

LastPass has shared new information about the hack that exposed passwords and other sensitive information belonging to its users last December. On its official blog, the company confirmed that the incident took place after the personal computer of one of its engineers was hacked.

According to LastPass, the criminals took advantage of an earlier attack on the service, in August 2022, to break into the machine of one of its employees who had access to the company's cloud storage. That earlier attack, it is worth remembering, targeted the company's development environment and the source code of its application.

During the episode, the attackers exploited yet another vulnerability, this time in the Plex media platform, to plant keylogger malware on the computer of one of the four engineers with access to the company's corporate vault.

This malware, in turn, captured the access key the engineer used to enter the company's cloud service as he typed it. According to the password manager, this vault contained customer backups, keys to encrypted items, shared folders and other data.

Because the key used was a valid credential, the intrusion went unnoticed by LastPass. The criminals are believed to have had access to the password manager's servers for at least two months.

The attack was only identified when LastPass received an alert from AWS GuardDuty that attackers had attempted to use Cloud Identity and Access Management (IAM) roles to perform unauthorized activity on its servers.

Also according to LastPass, the engineer affected by the attack has been instructed to reinforce the security of his home network. In addition, the company revoked all certificates obtained by the attackers, adopted a password and token rotation scheme, and added a series of alerts to its login systems. The company also reminded its users to change their passwords.


via Ars Technica