The servers accessed by the attackers contained backups of LastPass customers and encrypted vault data.
Twelve days after the LastPass attack, Plex confirmed that it had also suffered an attack that resulted in 15 million users’ passwords being stolen. Interestingly, ArsTechnica heard from sources that the engineer’s computer was hacked through a vulnerability found in the Plex media platform. This made it more difficult for LastPass to detect the suspicious activity. More specifically, the credentials for the servers were stolen from a DevOps engineer who had access to cloud storage at the company.
Engineer’s home computer led to LastPass security breachĪs shared in a blog post (via ArsTechnica), there was a coordinated attack in August 2022 in which hackers were able to access and steal data from Amazon AWS cloud servers. Now LastPass has revealed that the incident was caused by credentials stolen from a DevOps engineer. Back in December, the company shared a statement confirming that attackers obtained such data and that users should change their passwords. The popular password manager LastPass faced a major attack last year that compromised sensitive data of its users, including passwords.
0 kommentar(er)
