LastPass developer’s computer hacked as part of last year’s breach

Share post:

LastPass, the popular password manager, experienced a significant data breach last year, and it has now been revealed that the hackers also targeted a senior developer’s home computer.

To aid in data theft, the hackers compromised the home computer of one of the company’s DevOps engineers. They also stole the encryption keys used by LastPass to secure user data. Passwords, addresses, credit card information, and other sensitive information are among the data stored by LastPass users.

According to the report, that person’s home computer was compromised by exploiting a vulnerable third-party media software package, which enabled remote code execution and allowed the threat actor to install keylogger malware. After authenticating with multi-factor authentication, the threat actor was able to capture the employee’s master password as it was entered and gain access to the DevOps engineer’s LastPass corporate vault.

“The threat actor then exported the native corporate vault entries and content of shared folders, LastPass says, “which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.”

A threat actor exfiltrated encrypted backups involving LastPass’s Central, Pro,, Hamachi, and RemotelyAnywhere products that were stored on Amazon’s cloud storage. An encryption key for a portion of the encrypted backups was also stolen. Some source code and technical data were also taken.

The sources for this piece include an article in ITWorldCanada.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways