![]() LastPass officials added that the tactics, techniques, and procedures used in this incident were different from those used in the previous breach that occurred in August 2021. The employee whose home computer was hacked was one of only four LastPass employees with access to the corporate vault. Once the threat actor gained access to the decrypted vault, they exported entries, including the “decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.” This incident occurred between August 12 and August 26, 2021. ![]() LastPass officials stated that the attacker used a vulnerable third-party media software package to implant keylogger malware that captured the employee’s master password after the employee authenticated with multi-factor authentication (MFA). ![]() LastPass, the popular password manager, announced on Monday that a threat actor who had already breached the company’s systems earlier this year was able to hack an employee’s home computer and access a decrypted vault containing sensitive information.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |