Company LastPass said Details of the hacking investigation that took place last year. It turned out that the attackers involved in these incidents also managed to break into the home computer of the DevOps engineer, who had access to the company’s cloud storage.
In August 2022, LastPass reported that some hackers had gained access to the company’s system. When the company announced the second incident in December, it said that the attackers used the information from the first incident to hack into the Amazon S3 cloud service, which stores LastPass data. The company also admitted that hackers stole large amounts of sensitive information.
Hackers needed decryption keys to gain access to the stolen data. To do this, the attackers targeted one of four DevOps engineers who had access to the keys needed to access the company’s cloud storage.
It has now been learned that a company engineer’s home computer was hacked a few weeks before the attack on LastPass. The attackers exploited a vulnerability in the Plex platform for this. Hackers installed a malicious keylogger (spyware to record user actions) on the employee’s computer, thanks to the hacking of the engineer’s master password.
The company recommends that all users change all passwords stored in LastPass and set a new master password to access the app.
Formerly socialbites.ca saidhackers find a way to remotely wipe all data on iPhone.