![]() ![]() The hacker then used the data from this vault to access and steal data from a LastPass cloud storage environment. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault,” LastPass said. ![]() LastPass said the hacker achieved this goal by targeting the engineer’s home computer and exploiting a “vulnerable third-party media software package”, which allowed the threat actor to implant keylogger malware. This engineer was one of four staff members that had access to the decryption keys needed to access the cloud storage service. In a recent incident report, LastPass said the threat actor was able to decrypt the information it had stolen in August by targeting a DevOps engineer. The password management platform confirmed it suffered a data breach last December, after an “unknown threat actor” accessed its customer vault by using source code and technical information obtained from an earlier cyberattack in August. LastPass has shared more details on the recent cyberattack that saw customer data stolen from the company’s cloud storage. The hacker implanted keylogger malware to capture the employee’s master password, which gave access for months before it was detected. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |