LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica

Cyber Security Concerns In The Global Wake of Hacking Threat
LastPass says employee’s home computer was hacked and corporate vault taken by Dan Goodin (Ars Technica)

Already smarting from a breach that stole customer vaults, LastPass has more bad news.

Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Source: LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica

1 thought on “LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.