LastPass password management service revealed more details on the wave of attacks it suffered last year on Monday, 27th. The company detailed another data-infringing part of the criminal process after bringing details about the stolen information in December. This time the company The attacker hacked into an employee’s home computer and managed to copy the decrypted company vault.can only be used by four company employees.
The password manager, who called the incident “Event 2” in the chain of suspicious activities that occurred between August 12 and 26, disclosed additional details of the attack on his website: the target was a DevOps engineer, if your computer is infected with a keylogger (keystroke logger) as part of an ongoing cyberattack to steal sensitive data stored in the Amazon AWS cloud service.
According to the advisory, “the threat actor exploited information stolen during the first incident, information obtained from a third-party data breach, and a vulnerability in the third-party media software package to launch a second coordinated attack.”
How was the invasion discovered?
The second incident was reported by Amazon after detecting an unusual behavior: threat actor attempted to use AWS Identity and Access Management (IAM) service roles to perform unauthorized procedures.
It was disclosed by someone who had access to the internal report, although LastPass did not confirm this. Ars Teknik that the media software used on the engineer’s computer is from Plex, a streaming service that allows users to stream movies and audio from their home servers. Not coincidentally, the Plex network was also hacked on August 24.
After the invasion, LastPass assured that it has updated its security posture, migrated to critical and high-privilege credentials known to be in hacker hands, and other low-priority items that do not pose a risk to the company. or customers. But, It is strongly recommended that all service users change their master password and all passwords stored in their vaults..
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
