Popular password manager LastPass faced a massive attack last year that compromised sensitive user data, including passwords. The company issued a statement in December confirming that the attackers received such data and that users should change their passwords.
LastPass has now revealed that the incident was caused by stolen credentials from his DevOps engineers. As shared in the blog post (via ArsTechnica) where a engineer’s home computer led to a LastPass security breach, in August 2022 a hacker accessed his Amazon AWS his cloud server.
(Also Read : Nokia Launched C02 Mobile quietly)
There have been coordinated attacks that allow data to be stolen using Specifically, the server’s credentials were stolen by a DevOps engineer who had access to his storage in the company’s cloud. This made it more difficult for LastPass to detect suspicious activity.
Interestingly, ArsTechnica heard from a source that the engineer’s computer was hacked via a vulnerability discovered in his Plex media platform. Twelve days after the LastPass attack, Plex confirmed that he had been attacked to steal the passwords of 15 million users.
The servers accessed by the attackers contained a LastPass customer’s backups and encrypted vaults of his data. Company Description: This attacked a DevOps engineer’s home computer and exploited vulnerable third-party media software his packages to allow remote code execution for him, allowing the attacker to use keyloggers to access his malware.
(Also Read : Samsung Owned Satellites Connectivity Technology)
This was achieved by allowing the embedding of The attacker was able to obtain the employee’s master password entered and access the DevOps engineer’s LastPass corporate vault after the employee was authenticated using MFA.
Following the incident, LastPass took many steps to prevent future attacks and is investigating what happened. Technicians were able to enhance the security of their personal networks while adding new multi-factor authentication to their LastPass system. Also, the certificate obtained by the hacker has been revoked.
Change Your Password Now If you are a LastPass user, we strongly recommend that you change all passwords stored on the platform. You’ll also need to change your LastPass vault master password. According to LastPass, the platform currently has over 30 million users and over 100,000 of his corporate customers.
(Also Read : These mac Apps makes New Experience)