LastPass, the company that stores users’ passwords, has admitted to being hacked from the home computer of a company technology engineer.
According to Securityweek , the home computer of an engineer working for LastPass has been hacked with a keylog as part of a cyberattack campaign to steal data from cloud storage resources.
LastPass, a company owned by GoTo (formerly LogMeIn), announced it was affected by a new attack, in which hackers combined data stolen from August and a vulnerability in the software package. third party to launch a coordinated attack.
The company said the investigation that identified the threat actor ended the first attack on August 12, 2022. But the hacker has a new plan from August 12 to October 26, 2022. The second case shows hackers using the information obtained from the first case to steal data from the cloud storage before LastPass completes the reinstallation.
LastPass worked with incident response specialists at Mandiant to conduct an investigation and discovered that a corporate engineer’s home computer had been targeted to bypass security measures .
The attacker exploited a remote code execution vulnerability in third-party software, thereby installing keylogger malware on the employee’s personal computer. LastPass says the hacker was able to obtain employee passwords after multi-factor authentication (MFA) and gained access to the LastPass database.
The company admits hackers have extracted company data and shared folders. based backups These folders contain encrypted security notes with keys and decryption of AWS S3- , cloud storage resources, and several important database backups.
Previously, LastPass said that part of their source code was stolen in August 2022. In January 2023, the company confirmed that last year’s case was much more serious than initially reported, hackers had stolen account names, encrypted passwords, part of multi-factor authentication settings. (MFA). The company says it now has 30 million users and 85,000 corporate customers globally.
