New Details in LastPass Breach Investigation Reveal Employee’s Home PC was Hacked
The ongoing saga regarding the LastPass hack is far from over. In a new update stemming from its investigation into multiple security incidents that took place last year, it gets even worse.
According to the update, it was discovered that the threat actors involved in the breaches from last year were also able to access the home computer of a LastPass employee who is a DevOp engineer for the company. Access was achieved via a third-party media software package. Once the hacker gained access to the employee’s computer, a keylogger was installed which allowed them to capture the engineer’s master password for an account that could access the company’s corporate vault. Once this vault was opened, they exported the entries and shared the contents that contained decryption keys needed to unlock cloud-based Amazon S3 buckets with customer vault backups.
In a support document LastPass released via BleepingComputer, the information that was stolen from the cloud-based backups were revealed, which included “API Secrets, third-party integration secrets, customer metadata and backups of all customer vault data.”
LastPass insists that all sensitive customer vault data, with the exception of some pieces, “can only be decrypted with a unique encryption key derived from each user’s master password.” They also noted steps they have taken to strengthen their defense going forward, which includes revising its threat detection and making “a multi-million-dollar allocation to enhance [its] investment in security across people, processes, and technology.”
Story via Engadget