LastPass, the popular password manager, experienced a significant data breach last year, and it has now been revealed that the hackers also targeted a senior developer’s home computer.
To aid in data theft, the hackers compromised the home computer of one of the company’s DevOps engineers. They also stole the encryption keys used by LastPass to secure user data. Passwords, addresses, credit card information, and other sensitive information are among the data stored by LastPass users.
According to the report, that person’s home computer was compromised by exploiting a vulnerable third-party media software package, which enabled remote code execution and allowed the threat actor to install keylogger malware. After authenticating with multi-factor authentication, the threat actor was able to capture the employee’s master password as it was entered and gain access to the DevOps engineer’s LastPass corporate vault.
“The threat actor then exported the native corporate vault entries and content of shared folders, LastPass says, “which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.”
A threat actor exfiltrated encrypted backups involving LastPass’s Central, Pro, join.me, Hamachi, and RemotelyAnywhere products that were stored on Amazon’s cloud storage. An encryption key for a portion of the encrypted backups was also stolen. Some source code and technical data were also taken.
The sources for this piece include an article in ITWorldCanada.