Already smarting from a breach that put partially encrypted login information into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained an unencrypted vault available to only a handful of company developers.
Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.
Another bombshell drops
“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass officials wrote. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”